linux

May 30, 2016 | Author: Siddhartha Gurjala | Category: N/A
Share Embed Donate


Short Description

Download linux...

Description

Linux Administration – Introducttion

Page 1 of 167

1. Linux Introduction Linux is a modern, flexible, and mature operating system. Although it started life on the Intel platform, it has since been ported to many other platforms such as Amiga, DEC Alpha, Apple Power PC, Sun workstations, and others. Linux boasts many other features: Multitasking - Linux is a true preemptive multitasking operating system. All processes run independently of each other and leave processor management to the kernel. Networking - Linux supports a multitude of networking protocols. Interoperability - Linux can interoperate with Windows 9x/NT/NT 2000, Novell, Mac, and most other versions of UNIX. Multi-user - Linux can handle multiple users simultaneously logged on to one machine. Advanced memory management Traditional UNIX systems used swapping to manage memory, where the entire memory structure of a program was written to disk when the system began running low on memory. Linux uses paging, a method that intelligently allocates memory, when system memory is running low, by prioritizing memory tasks. Linux currently supports up to 64GB of RAM. POSIX support POSIX defines a minimum interface for UNIX-type operating systems. Linux currently supports POSIX 1003.1. This ensures that POSIX-compliant UNIX programs will port easily to Linux. Multiple file systems Linux must be installed on Extended 2 Linux-formatted partitions, but if certain other OS file systems already exist on the same host, Linux will support several of these file system formats as well, including DOS/Windows, OS/2, and Novell. This is just another interoperability feature provided by Linux.

1.1. Open Source and Free Software All Linux distributions are based on the same idea: Take the Linux kernel and surround it with freely available software to create a usable operating system. Red Hat Linux 7.0 used Linux kernel 2.2, while version 9 uses kernel 2.4. Red Hat Software continuously evolves their distribution by using the most current, stable kernel as well as the latest available software for each of its distributions.

1.1.1. History Although Linux came into being in 1991, it can trace its lineage back much further. In 1969, a Bell Labs programmer named Ken Thompson invented the UNIX operating system. Around the same time, another programmer, Dennis Ritchie, was working on a new computer language called C. By 1974, the two had rewritten UNIX in the C language, and ported it to several different machines. It is this combination of UNIX and C that Linux owes much of its heritage to. UNIX and C are at the heart of Linux and the Open Source movement. While languages such as Purl, Python, Java, and others make the headlines today, far more lines of open source code have been written than any other single language. Though many of these programs have been ported to other operating systems, such as Windows NT, UNIX and UNIX-like operating systems have benefited from Open Source software the most. Linux In 1991, a student at Helsinki University in Finland posted this message to the Usenet group comp.os.minix: From: [email protected] (Linus Benedict Torvalds) Newsgroups: comp.os.minix Subject: Gcc-1.40 and a posix-question Message-ID: Date: 3 Jul 91 10:00:50 GMT Hello netlanders, Due to a project I'm working on (in minix), I'm interested in the posix standard definition. Could somebody please point me to a (preferably) machine-readable format of the latest posix rules? Ftp-sites would be nice. It was followed up a few months later with this post: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Introducttion

Page 2 of 167

From: [email protected] (Linus Benedict Torvalds) Newsgroups: comp.os.minix Subject: What would you like to see most in minix? Summary: small poll for my new operating system Message-ID: Date: 25 Aug 91 20:57:08 GMT Organization: University of Helsinki The student, of course, was Linus Torvalds. Linus had just purchased a (then) state-of-the-art 386 PC, and wanted, among other things, to learn how it worked. The MS-DOS operating system was too limiting, and immediately discounted. At the time, he had been using another UNIX-like operating system called Minix, a microkernel-based teaching operating system. Minix had many limitations, however, so Linus set about writing a new operating system that did not suffer the limitations of MS-DOS and Minix. Linus was by no means the first person to come up with the idea of a free UNIX-like operating system. Several years earlier The Free Software Foundation, headed by Richard M. Stallman, announced a kernel called The HURD. Unfortunately, efforts on this new kernel faltered, and it wasn't until 1996 that a stable version of The HURD was available. William and Lynne Jolitz in 1991 were also busy porting Berkeley UNIX, BSD, to the Intel platform. But Linux was quickly propelled to the front of the pack by the large army of programmers from all across the world, who all pitched in their expertise for the Linux kernel. Instead of the project becoming chaotic and unmanageable, Linux actually benefited from the large number of coders and testers, and nearly instant feedback every time a new kernel was released, which was often? At times, several versions of Linux were released in a single day. A few years after development had begun on Linux, it was a full-featured, stable operating system. Today, the Linux kernel is developed the same as it was in the beginning. Programmers across the globe collaborate on discussion groups and e-mail lists to work on the Linux kernel. Most are not paid for their efforts, doing it instead from a sense of community that binds Linux developers.

1.2. GPL and Open Source Licenses The terms “Free” and “Open Source” software are commonly used to mean the same thing. While the differences are subtle, they are very important. Free Software Free software is the term typically used to refer to software that has been released under the GNU Public License, or GPL. The GPL (also called Copyleft) was designed with the philosophy that all software should be free. Not free as in zero prices, but free as in open. As the Free Software Foundation's Richard Stallman puts it in his essay “The GNU Operating System and the Free Software Movement.” The term "Free software" is sometimes misunderstood-it has nothing to do with price. It is about freedom. To clear up some of the confusion, the following is the definition of Free software. A program is Free software for users if:  

You have the freedom to run the program, for any purpose. You have the freedom to modify the program to suit your needs. (To make this freedom effective in practice, you must have access to the source code, since making changes in a program without having the source code is exceedingly difficult.)

You have the freedom to redistribute copies, either gratis or for a fee. You have the freedom to distribute modified versions of the program, so the community can benefit from your improvements. Since "free" refers to freedom, not to price, there is no contradiction between selling copies and Free software. In fact, the freedom to sell copies is crucial: collections of Free software sold on CD-ROMs are important for the community, and selling them is an important way to raise funds for Free software development. Therefore, a program that people are not free to include on these collections is not Free software

1.3. About Linux You hear people talking about Linux all the time. But you also probably hear about the "Red Hat" Linux distribution, and names like SuSE, Caldera, Debian, Slackware, and others. Are they all Linux?

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Introducttion

Page 3 of 167

Recall that Linux is the operating system kernel. That is, Linux is the very heart of the operating system. However, like all operating systems, to be useful, Linux has to have utilities and programs to do the actual work. This is where distributions come in. All of the Linux distributions run the Linux kernel. But after that, the distributions vary from each other to some degree. For example, the Slackware distribution looks and feels much like Berkeley UNIX, whereas the SuSE distribution is much more System V'ish. Red Hat Linux tends to fall somewhere in between but is leaning toward System V more and more with each new release.

1.4. Current Support for Networking Services Linux was built from the start to be a network operating system. This may seem obvious now, but consider that in 1991 nobody knew how important networking and the Internet would be to modern-day computing. This gives Linux a big edge in terms of network stability and integration. Today, Linux supports the networking protocols 

Protocol



Description

TCP/IP

This is the protocol used by the Internet, and on most local networks

IP Version 6

This is the protocol that will eventually replace IP version 4 on the Internet.

AppleTalk

The protocol used for Apple computers to communicate with each other.

CCITT X.25 Packet Layer

The X.25 networking protocol.

Acorn Econet/AUN

An older protocol, used by Acorn computers to access file and print servers.

IPX

The Novell networking protocol, used to access Novell file and print servers.

1.5. Flexibility of Open Source Software Much ado has been made about Free and Open Source software, but what do you really get that you can't get from closed operating systems such as Microsoft Windows? StabilityWhen a version of an open source program is released on the Internet, there is a large peer review of the source code. With so many people looking at the code, there's a much better chance somebody will see a bug, and even offer a correction. This type of peer review just isn't possible in the closed source world. ModificationsIn a closed source environment, you're at the mercy of the vendor. If you want or need a feature, you can submit a request for features, and only hope the vendor will agree with you. If not, you're stuck. With open source, you have the source code, and you can add the features yourself, if need be. Or, you can hire a programmer to make the changes for you. Many times, you can post a message to the appropriate Usenet newsgroup saying "Gee, it sure would be nice if program Foo could do this." Sometimes somebody will have a patch written within a couple days that does just what you want. SupportThere are literally thousands of open source advocates out there on newsgroups and e-mail lists who can answer your questions when you need help. Best of all, it's free. Contrast this with the big money you throw to the closed source vendors, who may or may not be able to help you. And if you really feel the need to pay for support, there are several companies out there now providing 24/7 technical support for Linux.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 4 of 167

2. The Linux Distribution Comparison Linux is started taking the world of computers by storm. Corporate greed, insane legal licensing and constant Windows vulnerabilities are starting to take its toll on the general computing population, and many are looking for an alternative. For some Linux is the answer. The Linux Operating System is very different than proprietary Operating Systems. Linux has a community based development model where many people, organizations and businesses jointly develop the software. With this style of development, there is no one entity that controls everything, but because of this, it is quite difficult to build a coherent system that will run on personal computers. This is where distributions come in. Distributions are complete Linux Systems that are built by companies or organizations to aid in the support and installation of the Linux Operating System. Distributions take care of all of the rudimentary tasks of building the system, such as building and testing the software, providing technical support and to provide security updates and bug fixes, etc. There are all types of distributions available, from ones that are very user friendly to advanced ones that allow you to build your system from the source code. We will cover the most popular intermediate Linux distributions available today, RedHat Linux Fedora Linux, RedHat Enterprise Linux, Mandrake Linux, Suse Linux, Debian GNU/Linux, Slackware Linux and Caldera OpenLinux. Intermediate distributions give the user plenty of control and choice over their system, yet provide easy to use tools to administer and maintain their system. There is no one distribution that will perfectly fit into everyone’s needs. Each one has its own strengths and weaknesses which will vary from person to person. This article covers all the major advantages (and disadvantages) each of these distributions have to offer and hopefully give you enough information to help you correctly choose which Linux Distribution is right for your computer.

2.1 Red Hat Linux For many, the name Red Hat www.redhat.com epitomises Linux, as it is probably the best-known Linux company in the world. Founded in 1994, Red Hat, Inc. has only recently started showing signs of profitability, due to services rather than the distribution itself. Yet, Red Hat Linux is a first choice for many professionals and is likely to be a major player for a long time. They wisely resisted any rapid expansion plans during the dot-com boom times in 1998 - 1999, concentrating on their core business. This type of prudent management, if continued, is likely to guarantee stability and dependability. What is so special about Red Hat Linux? It is a curious mix of conservative and leading-edge packages put together on top of many knowledge-intensive utilities developed in-house. The packages are not the most up-todate; once a new beta version is announced, the package versions are frozen, except for security updates. The result is a well-tested and stable distribution, the beta program and a bug reporting facility are open to public and there is a great spirit on the public mailing lists. Many mission-critical servers around the world run Red Hat Linux. One other reason for Red Hat's success is the variety of popular services the company offers. The software packages are easy to update via Red Hat Network, a free repository of software and valuable information. A vast range of support services is available through the company and, while not always cheap, you are virtually assured of an excellent support by highly skilled support personnel. The company has even developed a certification program to further popularize its distribution - the RHCE (Red Hat Certified Engineer) training and examination are now available in most parts of the world. All these factors have contributed to the fact that Red Hat is now a recognized brand name in the IT industry.

2.1.1 Fedora Linux Fedora Linux was started by Redhat Linux in September 2003 as a community based open development Operating System based on the Redhat Linux distribution. The Redhat distribution was first released in October 1994 and has progressed to one of the most popular Linux Distributions available today.

2.1.2 RedHat Enterprise Linux Red Hat Enterprise Linux creates a reliable, secure, high-performance platform designed for today’s commercial environments—with capabilities that match or surpass those of proprietary operating systems. Sold in a family of four products that span client systems to the largest servers, Red Hat Enterprise Linux delivers a consistent application, management, and user environment. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 5 of 167

Red Hat Enterprise Linux is the corporate Linux standard, already at work running some of the world’s largest commercial, government, and academic institutions. For any deployment—from the desktop to the datacenter— Red Hat Enterprise Linux delivers unmatched performance and cost savings, and the freedom of open source technology. Following is a figure describes RedHat’s Network:

Figure: RedHat Network

Server Solutions: Red Hat Enterprise Linux AS (Advanced Server): Red Hat Enterprise Linux AS is the top-of-the-line server operating system solution. Supporting the largest servers, it is the ultimate solution for large departmental and datacenter server deployments. Red Hat Enterprise Linux ES (Enterprise Server): Red Hat Enterprise Linux ES is the perfect server operating system solution for the majority of today's business computing needs – suitable for systems ranging from the edge-of-network to medium-scale departmental deployments.

Client Solutions: Red Hat Enterprise Linux WS (Work Station) and Desktop: Red Hat Enterprise Linux WS is the desktop/client partner for Enterprise Linux AS and Enterprise Linux ES. Red Hat Enterprise Linux WS is ideal for all desktop deployments, including office productivity applications, S/W development environments, and targeted ISV client applications. When configured as a headless workstation, Enterprise Linux WS is also ideally suited for use as a compute node in a High Performance Computing (HPC) environment.

Red Hat Enterprise Linux products are based on the same core kernel, libraries, and utilities, and also share the same major package sets. However, because Red Hat Enterprise Linux WS and Red Hat Desktop are not designed for use in server environments, there are some differences between family members in terms of their server package sets.

Recommended www.wilshiresoft.com [email protected]

Red Hat Enterprise

Red Hat Enterprise

Red Hat Enterprise

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Red Hat Desktop Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 6 of 167

product:

Linux AS

Linux ES

Linux WS

Common usages

Databases, ERP, CRM, applications

Small-medium web, file, and print configurations

Technical, virtualization, trading, power user

Personal productivity: mail, document processing, browsing, instant messaging; software development

Includes desktop applications

Yes

Yes

Yes

Yes

Supported by leading ISV applications

Yes

Yes

Yes

Yes 

Certified on leading OEM hardware

Yes

Yes

Yes

Yes

Includes dedicated server packages

Yes

Yes

No

No

Web and phonebased comprehensive support 24x7 - 1 year Red Hat Network

Yes

No

No

No

Supports X86 systems (Intel Pentium Pro, AMD Athlon, or compatible), Intel EM64T, and AMD64 systems

Yes

Yes

Yes

Yes

Supports Itanium systems

Yes

Yes

Yes

No

Supports IBM zSeries, POWER series, and S/390 series systems

Yes

No

No

No

2.1.3 Red Hat Enterprise Linux system configuration limits The following table lists some Red Hat Enterprise Linux 3 supported system and software limits. This table will be updated as additional qualification and testing is completed. These minimum and maximum system configuration limits identify the technical capabilities of the Red Hat Enterprise Linux technology. Note: Following chart doesn’t apply to Red Hat Enterprise Linux WS and Desktop

X86

Minimum

Maximum

Comments

Memory:

256MB

64GB

Maximum varies with chosen kernel; Red Hat Enterprise Linux ES supports up to 8GB

CPUs:

1 (300MHz, i686)

16

16 physical CPUs or 8 Hyperthreaded CPUs; AMD K6 (i586) is not supported, Red Hat Enterprise Linux WS and ES support up to 2 physical CPUs (4 Hyperthreaded) CPUs per system

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Itanium2 *

AMD64

Page 7 of 167

Memory:

512MB

96GB

96Gb applies to HP Integrity systems. Maxmimum memory for Intel Tiger-based systems is 32GB

CPUs:

1

8

Red Hat Enterprise Linux WS for Itanium supports up to 2 CPUs per system

Memory:

512MB

16GB

CPUs:

1

4

Red Hat Enterprise Linux WS for AMD64 supports up to 2 CPUs per system

800MB

1TB

Quoted minimum is for a custom installation. Sparse files can be up to 4TB

File system size

2.2. Mandrake Linux Mandrake Linux was first started in 1998 as a custom built Redhat Linux distribution. The company that releases Mandrake Linux, Mandrakesoft, is a publicly traded company in France. More recently Mandrakesoft has just gotten out of bankruptcy and looks to continue to be a very strong Linux Distribution contender Mandrake Linux was created with the goal of making Linux easier to use for everyone. At that time, Linux was already well-known as a powerful and stable operating system that demanded strong technical knowledge and extensive use of the "command line"; Mandrake saw this as an opportunity to integrate the best graphical desktop environments and contribute its own graphical configuration utilities and quickly became famous for setting the standard in ease-of-use and functionality. With this innovative approach, Mandrake offers all the power and stability of Linux to both individuals and professional users in an easy-to-use and pleasant environment. Thousands of new users are discovering Linux each and every day and finding it a complete replacement for their previous operating system. Linux as a server or workstation has no reason to be jealous of any other more established operating systems. The GPL license (General Public License) governs the development and redistribution of Mandrake Linux. This license provides everyone the right to copy, distribute, examine, modify and improve the system as long as the results of these modifications are returned to the community. It is this development model that allows Mandrakelinux Linux to collect the best ideas from developers & users from across the globe to result in a rich variety of techniques and solutions.

2.3 SuSE Linux Suse Linux was started in 1992, and was the first "real" commercial Linux vendor to appear. Suse is a very strong Linux Distributor, especially in Germany and other European countries. In January of 2004, Novell acquired Suse, and another Linux company, Ximian. Suse Linux Professional 9.1, which was released in May 2004, is the first release since Novell acquired Suse Linux. SuSE www.suse.com is another company with the desktop focus, not very different from Mandrake in this respect. The distribution has received positive reviews for its installer and configuration tools, called Yast, developed by SuSE's own developers. The documentation, which comes with the boxed product, has repeatedly been labeled as the most complete, thorough and usable by far. Linux Journal has recently awarded SuSE Linux 7.3 the "Product of the Year" title. The distribution has achieved a dominant market share in German speaking and some Eastern European countries. However, SuSE has been suffering from lack of profitability, having been forced to close down their offices in the USA and reduce staff - due to high cost of development in Germany. Also, SuSE's development takes place completely behind closed doors and no public betas are provided for testing. The release cycle is more frequent (SuSE released three versions in 2001) and they have a policy of not making the software available for download long after the boxed versions are in stores. Even so, SuSE does not provide ISO images of their distribution, relying on packaged software for the vast majority of their user base.

2.4 Debian GNU/Linux Debian GNU/Linux www.debian.org is a completely non-commercial project; perhaps the purest form of the ideals that started the free software movement. Hundreds of volunteer developers from all over the world contribute to the project, which is well managed and strict, assuring a quality distribution known as Debian. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 8 of 167

At any time during the development process, there are three branches in the main directory tree - "stable", "testing" and "unstable", the last of which is often referred to as "sid". When a new version of a package appears, it is placed in the unstable branch for first testing. If it passes, the package moves to the testing branch, which undergoes rigorous testing lasting many months. This branch is only declared stable after a very thorough testing. As a result of this, the distribution is possibly the most stable and reliable, albeit not the most up-to-date, suitable for deployment on servers. Debian's other main claim to fame is the reputation for being hard to install, unless the user has intimate knowledge about the computer's hardware. Compensating this failing is "apt-get", a convenient installer for Debian packages. Many Debian users joke that their installer is so bad, because they only need it once - as soon as Debian is up and running, all future updates of any scale can be accomplished via the apt-get utility. Take it from a person who has tried many distributions - once you have experienced the dependency headaches while installing software on any RPM-based distribution, you will stare in absolute disbelief at the painless and convenient process of installing and upgrading your Debian packages. You might even think that you have just entered paradise...

2.5 Slackware Linux Slackware www.slackware.com is one of the oldest distributions around and it is very popular among experienced Linux users. It offers no bells and whistles, sticking with a text-based installer and no graphical configuration tools. Where other distributions tried hard to develop easy-to-use front ends for many common utilities, Slackware offers no hand-holding and everything is still done through configuration files. Because of this, Slackware is not recommended to novice users. Nevertheless, Slackware has a magic appeal to many users. It is extremely stable and secure - very suitable for server deployment. Experienced Linux administrators find that the distribution is less buggy as it uses most packages in their pristine forms and without too many in-house enhancement which have a potential to introduce new bugs. Releases are infrequent although up-to-date packages are always available for download after the official release. Slackware is a fine distribution for those who are interested in deeper knowledge of Linux internals. Perhaps the best characteristic of this distribution I have heard is this: If you need help with your Linux box, find a Slackware user. He is more likely to fix the problem than a user familiar with any other distribution.

2.6 Caldera OpenLinux Caldera www.caldera.com has been through bad times in the last few months, suffering from severe drops in share prices and being forced to reduce staff. They have released a version of OpenLinux in July 2001, surrounded in enormous controversy. The company has introduced "per-seat licensing" for business users, requiring users to purchase a separate license for every workstation or server installed. This unprecedented move drew lots of criticism and prompted many users to switch to another distribution. Caldera OpenLinux 3.1 is still available for non-commercial use as a free download. The reviews have been positive, branding the distribution as easy-to-install and very stable, suitable for heavy development work. It lacks the Gnome desktop environment and associated libraries, which means that some excellent GTK+ based applications, such as Galeon or Gnumeric, are not available. Note: Linux is actually only the kernel of a complete system. Many contributors like to call a complete Linux system a GNU/Linux system. The GNU stands for GNU's Not Unix (a recursive acronym) and is the system first started by Richard Stallman, then later developed with the coordination of the Free Software Foundation. The whole name idea is to get the point of freedom across when you discuss the operating system.

2.7. Top 6 Distributions This is difficult to determine, since Linux distributions are often unable to determine their own sales figures due to the multiple installation models, and lack of strict 'per-seat' licensing. However, the popular www.distrowatch.com site lists features of 90 major Linux distributions, with 'interest counts' (based on page requests for each of the distributions). We also took the 20 most popular distributions according to Distrowatch, and using the 'link:' feature of Google, determined the number of in-pointing links to each distribution's web site (i.e. number of sites that link to each distribution's homepage). This helped to validate the findings of Distrowatch. The results were as follows: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 9 of 167

Distribution

Rank from Distrowatch

Rank from Google

Combined Ranking

Mandrake

1

3

=1

Redhat

2

2

=1

Debian

3

1

=1

SuSE

4

6

=4

Slackware

5

5

=4

Caldera/SCO

6

4

5

2.7.1 Evaluation Criteria and Description Evaluation of these distributions according to the following categories, We do not give a 'good', 'bad' rating, we merely list the qualities of each distribution. Criterion

Reason

Organization structure / description of company structure etc. Any recent or intended major changes.

Funding in the Open Source world is especially difficult following 'dot-com' collapse. Many mergers, some distributions and companies have closed. Mergers, while possibly helping the market in the long-run, could give

Ease of installation process, is it graphically based?

The installation process is the first thing the end-user will normally see. The feel of this process gives a good clue to what the distribution things of their target market. Some are graphical and need only a few mouse clicks, some require the skills of a system administrator.

Is the entire distribution itself open source?

If parts are non-open source, few developers outside the company itself (if corporate) would be willing to fix / enhance. For totally open source distributions, there will always be a migration path – if the company producing a excellent product goes under, someone else will take up that product.

Any insistence of 'per seat' licensing?

Per seat licensing means that the vendor of the distribution tries to insist on a payment for every seat using that distribution (similar to the current Microsoft licensing model).

Target market of distribution

Different distributions have widely differing target markets – the Linux world is extremely diverse.

Support for adding bug fixes and extra hardware support.

Users need the ability to upgrade for security fixes and new hardware. Whether this is free, and how easy to do, varies widely.

License fee.

If a license fee is required or recommended for the distribution, what is the fee, and what are the benefits.

2.7.2 Organizational Structure Mandrake

A large public company, based in France. Some minor reports of financial problems, reasonable levels of sales growth. No indications of any likely merger activity.

Redhat

A large US based limited company. Over $US100M in the bank, most secure of all Linux distributions.

Debian

Not a for-profit company, a collection of developers, expenses paid by donations. Some suspicions in the community that Debian is becoming less popular.

SuSE

Commercial company, based in Germany. Some changes in that they are merging some development to become part of UnitedLinux.

Slackware

Another non-commercial distribution, centered around a few dedicated individuals, with a variety of other contributors.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Caldera/SCO

Page 10 of 167

Relatively large public US based company, involved in Linux as well as other nonLinux software. Some changes in that they are merging some development to become part of UnitedLinux. May 2003 update : Caldera/SCO now neither distribute nor support Linux

2.7.3 Ease of Installation Process Distribution

Comments

Mandrake

Very well respected installer, graphical, questions are mainly non-technically worded.

Redhat

Graphical installer, easy to use.

Debian

Text based installer, lots of options.

SuSE

Graphical, easy to use.

Slackware

Text based, said to have steep learning curve.

Caldera/SCO

Easy to use, but text based.

2.7.4 Commitment to Open Source Distribution

Comments

Mandrake

Yes, they are committed to open source and donate time to popular applications.

Redhat

Same as Mandrake.

Debian

Committed to keeping everything open source:

SuSE

Everything except 'YAST', the system setup tool. This has caused some controversy. Now part of UnitedLinux : see Caldera.

Slackware

Everything is open source.

Caldera/SCO

Some open source community concerns that binaries under UnitedLinux binaries may not be freely distributable, only sources will be. UnitedLinux keen to play down any concerns they are not fully open source. Many in the industry believe Caldera treads a fine line on the edge of breaking the spirit of the GPL licensing agreement.

2.7.5 Per Seat Licensing Distribution

Comments

Mandrake

Possible to get security updates, online support etc without per-seat license. License just makes support faster.

Redhat

No per seat licensing requirement.

Debian

Cost-free (donations suggested).

SuSE

Maintenance utility requires a per seat license, but SuSE keen to deny reports that their entire product could change to per-seat licensing now that they are part of UnitedLinux.

Slackware

Cost-free.

Caldera/SCO

Per seat, a fact that is quite unpopular with the Linux community.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Distribution Comparision

Page 11 of 167

2.7.6 Target Market Distribution

Comments

Mandrake

Said to be one of the easier to use Linux distributions for desktop users, however, default KDE (desktop) requires some relearning for previous Windows users.

Redhat

Traditionally Redhat concentrated on the server market, but now they are also promoting the desktop market. Same comments about KDE as for Mandrake.

Debian

Debian is said to be hard to learn, more suited for experienced Linux users.

SuSE

Quite similar to Mandrake – easy, but not optimized to be like Windows.

Slackware

Same as Debian.

Caldera/SCO

The cheapest 'workstation' product targets software developers not 'normal' users.

2.7.7 Software Upgrades / Support Distribution

Comments

Mandrake

Even non-registered users have access to security upgrades, dedicated site.

Redhat

Automatic update agent.

Debian

Software support is okay, but installation method is text-only.

SuSE

Automatic update facility (this is the non-GPL part of SuSE).

Slackware

No automated update, users are expected to manually select their own updates from a website.

Caldera/SCO

Automatic update facility.

2.7.8 License Fee Distribution

Comments

Mandrake

$US25 - if you want support.

Redhat Desktop and WS RH Enterprise: AS RH Enterprise: ES

$US40. $ US 1499 (for Standard Edn) and $ US 2499 (Premium Edn) $ US 400 (for Standard Edn) and $ US 500 (Premium Edn)

Debian

Cost-free (donations suggested).

SuSE

$US40 or US$80 (some users say $US40 product does not have some commonly required features).

Slackware

Cost-free (donations suggested).

Caldera/SCO

$US99 per user.

Conclusion The Linux world has surprising variety. There are distributions made to look like Windows, distributions that only a system administrator could install, and everything in between. There are business models everywhere between ‘it’s all free, please donated' And that's just the top 6 distributions. Take a look at www.distrowatch.com, check out some of the smaller distributions, and you'll find an even more diverse world.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Installation

Page 12 of 167

3. Linux Installation 3.1 Hardware Requirements The following information represents the minimum hardware requirements necessary to successfully install Red Hat Linux 9: - Minimum: Pentium-class - Recommended for text-mode: 200 MHz Pentium-class or better - Recommended for graphical: 400 MHz Pentium II or better Hard Disk Space (NOTE: Additional space will be required for user data):

Personal Desktop A personal desktop installation, including a graphical desktop environment, requires at least 1.7GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

Workstation A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.

Server A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.

Custom A Custom installation requires 475MB for a minimal installation and at least 5.0GB of free space if every package is selected. Memory:   

Minimum for text-mode: 64MB Minimum for graphical: 128MB Recommended for graphical: 192MB

Note that the compatibility/availability of other hardware components (such as video and network cards) may be required for specific installation modes and/or post-installation usage. For more information about hardware compatibility, see the Red Hat Linux Hardware Compatibility List at http://hardware.redhat.com/hcl/ Before you begin a Red Hat Linux installation, you need to know what the purpose of the machine will be. Will it be a development workstation? An FTP? A Web server? Or will it be a database server? Each of these examples requires a different configuration.

3.2 Planning the Installation Before any software can be installed, the computer has to be able to recognize the hardware it will be using. The installation process will ask you about your hardware, so have this data ready before you start. You should know the make and model number for each of the following pieces of hardware, if you have them:     

SCSI controllers Network interface cards (NIC) Video cards Sound cards Packages to Be Installed

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Installation

Page 13 of 167

Red Hat Linux comes conveniently bundled with an array of pre-configured software packages. Most likely, you will not need to install all of these packages, and for security reasons (or office policy) it is a good idea not to. Your boss might not appreciate the office network being used to serve personal Web pages from each employee's installation of an Apache Web server. Also, every computer on your network doesn't need to run the innd network news service. Limit the packages you install to only the ones you need. If other packages are required later, they can be installed easily enough with the rpm tool.

Partitioning the Drive It is recommended that you make several partitions when preparing your hard drive to install Linux. This is a good idea for various reasons. First, Red Hat Linux runs two filesystems: a Linux native filesystem, and a Linux swap space. Second, if you want to install Red Hat Linux and another operating system on the same computer, you will have to create separate partitions for each.

Stability and Security The Linux native filesystem is usually divided among many hard drive partitions. The recommended configuration is a separate partition for each of these directories: /, /usr, /tmp, /var, and /home as well as separate partitions for corporate data, database services, and even the Web and FTP sites if they are expected to be large. Partitioning the hard drive in this manner keeps system, application, and user files isolated from each other. This aids in protecting the file space that the Linux kernel and the rest of your applications use. Files cannot grow across partitions. Therefore, an application that uses huge amounts of disk space, such as a newsgroup server, will not be able to use up all of the disk space needed by the Linux kernel. Another advantage is that if a bad spot develops on the hard drive, it will be easier to restore a single partition than the entire system. Stability is improved. Security, also, is improved. Multiple partitions give you the ability to mount some filesystems as read-only. For example, if there is no reason for any user (even root) to write to the /usr directory, mounting that partition as read-only will help protect those files from being tampered with. While there are many incentives to partitioning your disk space, it might not be desirable for you. For single-user systems, or where disk space is scarce, a simpler filesystem layout would be called for. For example, if the /var directory is on its own partition of 300MB, only 100MB might be used. That makes 200MB of wasted disk space. As of RH 7.x, both the web and ftp document roots have been added to /var. These may add additional disk space requirements for /var. Currently, there is no easy way to resize Linux partitions. Therefore, a lot of careful consideration should be put into whether you want to partition your disk space, and how to do it.

3.3 How Much Space Is Required? You should size your Linux partitions according to your needs and the function of the computer. For example, a mail server will require more space for the /var directory because the mail spool resides in /var/spool/mail. You may even want to create a separate partition just to accommodate /var/spool/mail.

Example: File Server If the Linux system you are installing is to be a file server, then your filesystem could look something like the following: Filesystem

Size (MB)

Mounted on

/dev/sda1

400

/

/dev/sda5

2000

/var

/dev/sda6

300

/usr

/dev/sda7

60

Swap space

/dev/sda8

1000

/home

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Installation

/dev/sda9

3000

Page 14 of 167

/home/shared

Linux Swap Space Normally, Linux can use a maximum 4GB of swap space. This 4GB can be spread over a maximum of eight partitions. Note that each swap partition is restricted to a maximum of 2GB. There is no authoritative formula for deciding how much swap space should be made, but you can make an estimate based on the typical UNIX rule of thumb, swap space should be two to three times the amount of RAM. Disk space is very cheap compared to RAM.

BIOS Limits Be aware that some computers, built before 1998, may have a BIOS (Basic Input/Output System) that, at bootup (under DOS), limits access to hard disks beyond their 1024 cylinder. A common effect of this problem is your computer's inability to see any partitions past the first 512MB of disk space at boot time. If this limitation affects your computer, do not place any bootable partitions after this barrier or the BIOS will not be able to access them and your Linux operating system will not be able to load.

3.4 Partitioning Naming Conventions UNIX is notorious for creating weird file names for hardware, and no one standard has been used by all the UNIX versions. Linux, meanwhile, has been using a simple standard for disk drives: disk device names have three letters, then a number. The first letter identifies the controller type (h is for IDE/EIDE, s is for SCSI). The second letter is d for disk, the third letter is for the sequential disk controller starting with “a.” This means the first IDE drive would be hda, the next would be hdb, then hdc and hdd. The partitions are numbered starting from 1, but due to the DOS world, they may not be sequential, depending on how they were created. Under this rule, the partitions would be /dev/hda1, /dev/hda2, /dev/hda3, .../dev/hda16 for the first IDE drive, then /dev/hdb1.../dev/hda16 for the second drive, and so one For SCSI drives, the name is sda for the first disk on the first controller. The partitions are /dev/sda1, /dev/sda2... /dev/sda15 (only 15 maximum partitions with SCSI, whereas IDE can have 16). The second disk on the same SCSI controller would be sdaa {1, 2, 15}, and so on. The second controller would have sdb{1-15} for the first disk, then sdba{1-15} for the second disk on the second controller, and so on. In RH 7.x, there are 2048 configured SCSI devices. The number of disks and partitions already configured depends on the version and distribution of Linux.

3.5 Install Options The Red Hat Linux installation program has the ability to test the integrity of the installation media. It works with the CD, DVD, hard drive ISO, and NFS ISO installation methods. Red Hat recommends that you test all installation media before starting the installation process, and before reporting any installation-related bugs (many of the bugs reported are actually due to improperly-burned CDs). To use this test, type linux mediacheck at the boot: prompt. While most present-day computers are able to start the installation process by booting directly from the first Red Hat Linux distribution CD, some hardware configurations require the use of a boot diskette. If your hardware requires a boot diskette, you should be aware of the following change. Red Hat Linux 9 uses a different boot diskette layout than previous releases of Red Hat Linux. There is now a single boot diskette image file (bootdisk.img) that is used to boot all systems requiring a boot diskette. If you are performing anything other than an installation from an IDE or USB device, you will be asked to insert a driver diskette created from one of the following image files: - drvnet.img - For network installations - drvblock.img - For SCSI installations - pcmciadd.img - For PCMCIA installations As with previous releases of Red Hat Linux, these image files can be found in the images directory on the first installation CD.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Installation

Page 15 of 167

Also in the images/ directory is the boot.iso file. This file is an ISO image that can be used to boot the Red Hat Linux installation program. It is a handy way to start network-based installations without having to use multiple diskettes. To use boot.iso, your computer must be able to boot from its CD-ROM drive, and its BIOS settings must be configured to do so. You must then burn boot.iso onto a recordable/rewriteable CD-ROM. The rescue mode environment (accessed by booting with the "linux rescue" boot-time command) has been enhanced. Numerous requested utilities have been added, and there is now support for activating network interfaces. Commands needed for SCSI tape support are also available. Please test this environment and send us your feedback. The Red Hat Linux installation program now detects existing Red Hat products on your system, and will prompt you to select the product you would like to upgrade. You will also have the option of performing a complete reinstallation of the system instead of upgrading. Please report any problems you may experience with this new feature. If the contents of your /etc/redhat-release file have been changed from the default, your Red Hat Linux installation may not be found when attempting an upgrade to Red Hat Linux 9. You can relax some of the checks against this file by entering the following at the boot: prompt: boot: linux upgradeany Use the upgradeany option only if your existing Red Hat Linux installation was not detected. isolinux is now used for booting the Red Hat Linux installation CD. If you have problems booting from the CD, you can write the images/bootdisk.img image to a diskette During a graphical installation, you can now press SHIFT-Print Screen and a screenshot of the current installation screen will be taken. These are stored in the following directory: /root/anaconda-screenshots/ The screenshots can be accessed once the newly-installed system is rebooted. The parted disk partition manipulation program has been upgraded to version 1.6. Users of Red Hat Linux 6.2 that want to upgrade their system to Red Hat Linux 9 must first have all errata updates applied before starting the upgrade process. The most straightforward way to accomplish this is to use Red Hat Network. A Red Hat Linux 6.2 system that is not completely up-to-date will not upgrade successfully to Red Hat Linux 9. Text mode installations using a serial terminal work best when the terminal supports UTF-8. Under UNIX and Linux, Kermit supports UTF-8. For Windows, Kermit '95 works well. Non-UTF-8 capable terminals will work as long as only English is used during installation. An enhanced serial display can be used by passing "utf8" as a boot-time option to the installation program. For example: boot:linux console=ttyS0 utf8

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 16 of 167

4. Boot Loaders Before Red Hat Linux can run, it must be loaded into memory by a special program called a boot loader. A boot loader usually exists on the system's primary hard drive (or other media device) and has the sole responsibility of loading the Linux kernel with its required files or (in some cases) other operating systems into memory.

4.1 Boot Loaders and System Architecture Each architecture capable of running Red Hat Linux uses a different boot loader. For example, the Alpha architecture uses the aboot boot loader, while the Itanium architecture uses the ELILO boot loader.

GRUB GNU Grand Unified Boot loader or GRUB is a program which enables the user to select which installed operating system or kernel to load at system boot time. It also allows the user to pass arguments to the kernel.

GRUB and the x86 Boot Process This section discusses in more detail the specific role GRUB plays when booting an x86 system. For an look at the overall boot process. GRUB loads itself into memory in the following stages: The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader exists on less than 512 bytes of disk space within the MBR and is capable of loading either the Stage 1.5 or Stage 2 boot loader. The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if necessary. Some hardware requires an intermediate step to get to the Stage 2 boot loader. This is sometimes true when the /boot partition is above the 1024 cylinder head of the hard drive or when using LBA mode. The Stage 1.5 boot loader is found either on the /boot partition or on a small part of the MBR and the /boot partition. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the GRUB menu and command environment. This interface allows you to select which operating system or Linux kernel to boot, pass arguments to the kernel, or look at system parameters, such as available RAM. The secondary boot loader reads the operating system or kernel and initrd into memory. Once GRUB determines which operating system to start, it loads it into memory and transfers control of the machine to that operating system. The boot method used to boot Red Hat Linux is called the direct loading method because the boot loader loads the operating system directly. There is no intermediary between the boot loader and the kernel. The boot process used by other operating systems may differ. For example, Microsoft's DOS and Windows operating systems, as well as various other proprietary operating systems, are loaded using a chain loading boot method. Under this method, the MBR points to the first sector of the partition holding the operating system. There it finds the files necessary to actually boot that operating system. GRUB supports both direct and chainloading boot methods, allowing it to boot almost any operating system. Warning: During installation, the Microsoft's DOS and Windows installation program completely overwrites the MBR, destroying any existing boot loader. If creating a dual-boot system, it is best to install the Microsoft operating system first.

4.1.1 Features of GRUB GRUB contains a number of features that make it preferable to other boot loaders available for the x86 architecture. Below is a partial list of some of the more important features: GRUB provides a true command-based, pre-OS environment on x86 machines. This affords the user maximum flexibility in loading operating systems with certain options or gathering information about the system. For years, many non-x86 architectures have employed pre-OS environments that allow system booting www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 17 of 167

from a command line. While some command features are available with LILO and other x86 boot loaders, GRUB is more feature rich. Important: GRUB supports Logical Block Addressing (LBA) mode. LBA places the addressing conversion used to find files in the hard drive's firmware, and is used on many IDE and all SCSI hard devices. Before LBA, boot loaders could encounter the 1024-cylinder BIOS limitation, where the BIOS could not find a file after that cylinder head of the disk. LBA support allows GRUB to boot operating systems from partitions beyond the 1024-cylinder limit, so long as the system BIOS supports LBA mode. Most modern BIOS revisions support LBA mode. GRUB can read ext2 partitions. This functionality allows GRUB to access its configuration file, /boot/grub/grub.conf, every time the system boots, eliminating the need for the user to write a new version of the first stage boot loader to MBR when configuration changes are made. The only time a user would need to reinstall GRUB on the MBR is if the physical location of the /boot partition is moved on the disk.

Installing GRUB If GRUB was not installed during the Red Hat Linux installation process it can be installed afterward. Once installed, it automatically becomes the default boot loader. Before installing GRUB, make sure to use the latest GRUB package available or use the GRUB package from the Red Hat Linux installation CD-ROMs. For instructions on installing packages, see the chapter titled Package Management with RPM in the Red Hat Linux Customization Guide. Once the GRUB package is installed, open a root shell prompt and run the command /sbin/grubinstall location>, where < location> is the location that the GRUB Stage 1 boot loader should be installed.

<

The following command installs GRUB to the MBR of the master IDE device on the primary IDE bus: /sbin/grub-install /dev/had The next time the system boots, the GRUB graphical boot loader menu will appear before the kernel loads into memory.

GRUB Terminology One of the most important things to understand before using GRUB is how the program refers to devices, such as hard drives and partitions. This information is particularly important when configuring GRUB to boot multiple operating systems. Device Names Suppose a system has more than one hard drive. The first hard drive of the system is called (hd0) by GRUB. The first partition on that drive is called (hd0,0), and the fifth partition on the second hard drive is called (hd1,4). In general, the naming convention for file systems when using GRUB breaks down in this way: (, ) The parentheses and comma are very important to the device naming conventions. The refers to whether a hard disk (hd) or floppy disk (fd) is being specified. The is the number of the device according to the system's BIOS, starting with 0. The primary IDE hard drive is numbered 0, while the secondary IDE hard drive is numbered 1. The ordering is roughly equivalent to the way the Linux kernel arranges the devices by letters, where the a in hda relates to 0, the b in hdb relates to 1, and so on. Note: GRUB's numbering system for devices starts with 0, not 1. Failing to make this distinction is one of the most common mistakes made by new GRUB users. The relates to the number of a specific partition on a disk device. Like the , the partition numbering starts at 0. While most partitions are specified by numbers, if a system uses BSD partitions, they are signified by letters, such as a or c. GRUB uses the following rules when naming devices and partitions: It does not matter if system hard drives are IDE or SCSI. All hard drives start with hd. Floppy disks start with fd.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 18 of 167

To specify an entire device without respect to its partitions, leave off the comma and the partition number. This is important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the MBR on the first device and (hd3) specifies the MBR on the fourth device. If a system has multiple drive devices, it is very important to know the drive boot order set in the BIOS. This is rather simple to do if a system has only IDE or SCSI drives, but if there is a mix of devices, it can become confusing.

4.1.2 File Names and Blocklists When typing commands to GRUB involving a file, such as a menu list to use when allowing the booting of multiple operating systems, it is necessary to include the file immediately after specifying the device and partition. A sample file specification to an absolute file name is organized as follows: (,) /path/to/file Most of the time, a user will specify files by the directory path on that partition, plus the file name. It is also possible to specify files to GRUB that do not actually appear in the file system, such as a chain loader that appears in the first few blocks of a partition. To specify these files, you must provide a blocklist, which tells GRUB, block by block, where the file is located in the partition, since a file can be comprised of several different sets of blocks, there is a specific way to write blocklists. Each file's section location is described by an offset number of blocks and then a number of blocks from that offset point, and the sections are put together in a comma-delimited order. The following is a sample blocklist: 0+50,100+25,200+1 This blocklist tells GRUB to use a file that starts at the first block on the partition and uses blocks 0 through 49, 99 through 124, and 199. Knowing how to write blocklists is useful when using GRUB to load operating systems that use chain loading, such as Microsoft Windows. It is possible to leave off the offset number of blocks if starting at block 0. As an example, the chain loading file in the first partition of the first hard drive would have the following name: (hd0,0)+1

The following shows the chainloader command with a similar blocklist designation at the GRUB command line after setting the correct device and partition as root: chainloader +1

4.1.3 GRUB's Root File System Some users are confused by the use of the term "root file system" with GRUB. It is important to remember that GRUB's root file system has nothing to do with the Linux root file system. The GRUB root file system is the root partition for a particular device. GRUB uses this information to mount the device and load files from it. With Red Hat Linux, once GRUB has loaded its root partition (which equates to the /boot partition and contains the Linux kernel), the kernel command can be executed with the location of the kernel file as an option. Once the Linux kernel boots, it sets the root file system Linux users are familiar with. The original GRUB root file system and its mounts are forgotten; they only existed to boot the kernel file.

GRUB Interfaces GRUB features three interfaces, which provide different levels of functionality. Each of these interfaces allows users to boot the Linux kernel or other operating systems. The interfaces are as follows:

Menu Interface www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 19 of 167

If GRUB was automatically configured by the Red Hat Linux installation program, this is the interface shown by default. A menu of operating systems or kernels preconfigured with their own boot commands are displayed as a list, ordered by name. Use the arrow keys to select an option other than the default selection and press the [Enter] key to boot it. Alternatively, a timeout period is set, so that GRUB will start loading the default option. Press the [e] key to enter the entry editor interface or the [c] key to load a command line interface.

Menu Entry Editor Interface To access the menu entry editor, press the [e] key from the boot loader menu. The GRUB commands for that entry are displayed here, and users may alter these command lines before booting the operating system by adding a command line ([o] inserts a new line after the current line and [O] inserts a new line before it), editing one ([e]), or deleting one ([d]). After all changes are made, the [b] key executes the commands and boots the operating system. The [Esc] key discards any changes and reloads the standard menu interface. The [c] key loads the command line interface.

Command Line Interface The command line interface is the most basic of the GRUB interfaces, but it is also the one that grants the most control. The command line makes it possible to type any relevant GRUB commands followed by the [Enter] key to execute them. This interface features some advanced shell-like features, including [Tab] key completion, based on context, and [Ctrl] key combinations when typing commands, such as [Ctrl]-[a] to move to the beginning of a line, and [Ctrl]-[e] to move to the end of a line. In addition, the arrow, [Home], [End], and [Delete] keys work as they do in the bash shell.

Order of the Interfaces When GRUB loads its second stage boot loader, it first searches for its configuration file. Once found, it builds a menu list and displays the menu interface. If the configuration file cannot be found, or if the configuration file is unreadable, GRUB loads the command line interface, allowing the user to type commands to complete the boot process. If the configuration file is not valid, GRUB prints out the error and asks for input. This helps the user see precisely where the problem occurred. Pressing any key reloads the menu interface, where it is then possible to edit the menu option and correct the problem based on the error reported by GRUB. If the correction fails, GRUB reports an error and reloads the menu interface.

4.1.4 GRUB Commands GRUB allows a number of useful commands in its command line interface. Some of the commands accept options after their name; these options should be separated from the command and other options on that line by space characters. The following is a list useful commands: boot - Boots the operating system or chain loader that has been previously specified and loaded. chainloader - Loads the specified file as a chain loader. To grab the file at the first sector of the specified partition, use +1 as the file's name. displaymem - Displays the current use of memory, based on information from the BIOS. This is useful to determine how much RAM a system has prior to booting it. initrd - Enables users to specify an initial RAM disk to use when booting. An initrd is necessary when the kernel needs certain modules in order to boot properly, such as when the root partition is formatted with the ext3 file system. install MBR.

p - Installs GRUB to the system

When using the install command the user must specify the following:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 20 of 167

- Signifies a device, partition, and file where the first boot loader image can be found, such as (hd0,0)/grub/stage1. - Specifies the disk where the stage 1 boot loader should be installed, such as (hd0). -Passes to the stage 1 boot loader the location of the stage 2 boot loader is located, such as (hd0,0)/grub/stage2. p - This option tells the install command to look for the menu configuration file specified by . An example of a valid path to the configuration file is (hd0,0)/grub/grub.conf.

Warning: The install command will overwrite any other information in the MBR. If executed, any information (other than GRUB information) that is used to boot other operating systems, will be lost. kernel - Specifies the kernel file to load from GRUB's root file system when using direct loading to boot the operating system. Options can follow the kernel command and will be passed to the kernel when it is loaded. For Red Hat Linux, an example kernel command looks like the following: kernel /vmlinuz root=/dev/hda5 This line specifies that the vmlinuz file is loaded from GRUB's root file system, such as (hd0,0). An option is also passed to the kernel specifying that when loading the root file system for the Linux kernel, it should be on hda5, the fifth partition on the first IDE hard drive. Multiple options may be placed after this option, if needed. root - Configures GRUB's root partition to be a specific device and partition, such as (hd0,0), and mounts the partition so that files can be read. rootnoverify - Performs the same functions as the root command but does not mount the partition. Commands other than these are available. Type info grub for a full list of commands.

4.1.5 GRUB Menu Configuration File The configuration file (/boot/grub/grub.conf), which is used to create the list of operating systems to boot in GRUB's menu interface, essentially allows the user to select a pre-set group of commands to execute. Special Configuration File Commands The following commands can only be used in the GRUB menu configuration file: color - Allows specific colors to be used in the menu, where two colors are configured as the foreground and background. Use simple color names, such as red/black. For example: color red/black green/blue default - The default entry title name that will be loaded if the menu interface times out. fallback - If used, the entry title name to try if first attempt fails. hiddenmenu - If used, prevents the GRUB menu interface from being displayed, loading the default entry when the timeout period expires. The user can see the standard GRUB menu by pressing the [Esc] key. password - If used, prevents a user who does not know the password from editing the entries for this menu option. Optionally, it is possible to specify an alternate menu configuration file after the password command. In this case, GRUB will restart the second stage boot loader and use the specified alternate configuration file to build the menu. If an alternate menu configuration file is left out of the command, then a user who knows the password is allowed to edit the current configuration file. timeout - If used, sets the interval, in seconds, before GRUB loads the entry designated by the default command. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 21 of 167

splashimage - Specifies the location of the splash screen image to be used when GRUB boots. title - Sets a title to be used with a particular group of commands used to load an operating system. The hash mark (#) character can be used at the beginning of a line to place comments in the menu configuration file.

4.1.6 Configuration File Structure The GRUB menu interface configuration file is /boot/grub/grub.conf. The commands to set the global preferences for the menu interface are placed at the top of the file, followed by the different entries for each of the operating systems or kernels listed in the menu. The following is a very basic GRUB menu configuration file designed to boot either Red Hat Linux and Microsoft Windows 2000: default=0 timeout=10 splashimage=(hd0,0)/grub/splash.xpm.gz # section to load linux title Red Hat Linux (2.4.18-5.47) root (hd0,0) kernel /vmlinuz-2.4.18-5.47 ro root=/dev/sda2 initrd /initrd-2.4.18-5.47.img # section to load Windows 2000 title windows rootnoverify (hd0,0) chainloader +1

This file tells GRUB to build a menu with Red Hat Linux as the default operating system and sets it to autoboot after 10 seconds. Two sections are given, one for each operating system entry, with commands specific to the system disk partition table. Note: The default is specified as a number. This refers to the first title line GRUB comes across. If you want windows to be the default, change the default=0 to default=1.

4.2 LILO LILO is an acronym for the LInux LOader and has been used to boot Linux on x86 systems for many years. Although GRUB is now the default boot loader, some users prefer to use LILO because it is more familiar to them and others use it out of necessity, since GRUB may have trouble booting some hardware.

4.2.1 LILO and the x86 Boot Process This section discusses in detail the specific role LILO plays when booting an x86 system. For a detailed look at the overall boot process. LILO loads itself into memory almost identically to GRUB, except it is only a two stage loader. 1. The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR2. The primary boot loader exists on less than 512 bytes of disk space within the MBR. It only loads the Stage 2 boot loader and passes disk geometry information to it. 2. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the Red Hat Linux initial screen. This screen allows you to select which operating system or Linux kernel to boot. 3. The Stage 2 boot loader reads the operating system or kernel and initrd into memory. Once LILO determines which operating system to start, it loads it into memory and hands control of the machine to that operating system. Once the Stage 2 boot loader is in memory, LILO displays the initial Red Hat Linux screen with the different operating systems or kernels it has been configured to boot. By default, if Red Hat Linux is the only operating system installed, linux will be the only available option. If the system has multiple processors there will be a linuxup option for the single processor kernel and a linux option for the multiple processor (SMP) kernel. If LILO is configured to boot other operating systems, those boot entries also appear on this screen.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 22 of 167

The arrow keys allow a user to highlight the desired operating system and the [Enter] key begins the boot process. To access a boot: prompt, press [Ctrl]-[X].

4.2.2 LILO versus GRUB In general, LILO works similarly to GRUB except for three major differences:   

It has no interactive command interface. It stores information about the location of the kernel or other operating system it is to load on the MBR. It cannot read ext2 partitions.

The first point means the command prompt for LILO is not interactive and only allows one command with arguments. The last two points mean that if you change LILO's configuration file or install a new kernel, you must rewrite the Stage 1 LILO boot loader to the MBR by using the following command: /sbin/lilo -v -v This method is more risky than the method used by GRUB because a misconfigured MBR leaves the system unbootable. With GRUB, if the configuration file is erroneously configured, it will default to its command line interface where the user can boot the system manually. Options in /etc/lilo.conf The LILO configuration file is /etc/lilo.conf. The /sbin/lilo commands use this file to determine what information to write to the MBR. The /etc/lilo.conf file is used by the /sbin/lilo command to determine which operating system or kernel to load and where it should be installed. A sample /etc/lilo.conf file looks like this: boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=50 message=/boot/message lba32 default=linux image=/boot/vmlinuz-2.4.0-0.43.6 label=linux initrd=/boot/initrd-2.4.0-0.43.6.img read-only root=/dev/hda5 other=/dev/hda1 label=dos This example shows a system configured to boot two operating systems: Red Hat Linux and DOS. Next is a more detailed look at the lines of this file: boot=/dev/had-Instructs LILO to install itself on the first hard disk of the first IDE controller. map=/boot/map - Locates the map file. In normal use, this should not be modified. install=/boot/boot - Instructs LILO to install the specified file as the new boot sector. In normal use, this should not be altered. If the install line is missing, LILO will assume a default of /boot/boot.b as the file to be used. prompt - Instructs LILO to show you whatever is referenced in the message line. While it is not recommended that you remove the prompt line, if you do remove it, you can still access a prompt by holding down the [Shift] key while your machine starts to boot.

timeout=50 - Sets the amount of time that LILO will wait for user input before proceeding with booting the default line entry. This is measured in tenths of a second, with 50 as the default. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Boot Loaders

Page 23 of 167

message=/boot/message - Refers to the screen that LILO displays to let you select the operating system or kernel to boot. lba32 - Describes the hard disk geometry to LILO. Another common entry here is linear. You should not change this line unless you are very aware of what you are doing. Otherwise, you could put your system in an unbootable state. default=linux - Refers to the default operating system for LILO to boot as seen in the options listed below this line. The name linux refers to the label line below in each of the boot options. image=/boot/vmlinuz-2.4.0-0.43.6 - Specifies which Linux kernel to boot with this particular boot option. label=linux - Names the operating system option in the LILO screen. In this case, it is also the name referred to by the default line. initrd=/boot/initrd-2.4.0-0.43.6.img - Refers to the initial ram disk image that is used at boot time to actually initialize and start the devices that makes booting the kernel possible. The initial ram disk is a collection of machine-specific drivers necessary to operate a SCSI card, hard drive, or any other device needed to load the kernel. You should never try to share initial ram disks between machines. read-only - Specifies that the root partition (see the root line below) is read-only and cannot be altered during the boot process. root=/dev/hda5 - Specifies which disk partition to use as the root partition. other=/dev/hda1- Specifies the partition containing DOS.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux Boot Process

Page 24 of 167

5. Linux Boot Process An important and powerful aspect of Red Hat Linux is the open, user-configurable method it uses for starting the operating system. Users are free to configure many aspects of the boot process, including specifying the programs launched at boot-time. Similarly, system shutdown gracefully terminates processes in an organized and configurable way, although customization of this process is rarely required. Understanding how the boot and shutdown processes work not only allows customization of Red also makes it easier to troubleshoot problems related to starting or shutting down the system.

Hat Linux, but

The Boot Process Below are the basic stages of the boot process for an x86 system: 1. The system BIOS checks the system and launches the first stage boot loader on the MBR of the primary hard disk. 2. The first stage boot loader loads itself into memory and launches the second stage boot loader from the /boot/ partition. 3. The second stage boot loader loads the kernel into memory, which in turn loads any necessary modules and mounts the root partition read-only. 4. The kernel transfers control of the boot process to the /sbin/init program. 5. The /sbin/init program loads all services and user-space tools, and mounts all partitions listed in /etc/fstab. 6. The user is presented with a login prompt for the freshly booted Linux system. 7. Because configuration of the boot process is more common than the customization of the shutdown process. A Detailed Look at the Boot Process The beginning of the boot process varies depending on the hardware platform being used. However, once the kernel is found and loaded by the boot loader, the default boot process is identical across all architectures. The BIOS When an x86 computer is booted, the processor looks at the end of system memory for the Basic Input/Output System or BIOS program and runs it. The BIOS controls not only the first step of the boot process, but also provides the lowest level interface to peripheral devices. For this reason it is written into read-only, permanent memory and is always available for use. Other platforms use different programs to perform low-level tasks roughly equivalent to those of the BIOS on an x86 system. For instance, Itanium-based computers use the Extensible Firmware Interface (EFI) Shell, while Alpha systems use the SRM console. Once loaded, the BIOS tests the system, looks for and checks peripherals, and then locates a valid device with which to boot the system. Usually, it checks any diskette drives and CD-ROM drives present for bootable media, then, failing that, looks to the system's hard drives.

5.1 Init, and Shutdown order of the drives searched while booting is controlled with a setting in BIOS, and it looks on the master IDE device on the primary IDE bus. The BIOS then loads into memory whatever program is residing in the first sector of this device, called the Master Boot Record or MBR. The MBR is only 512 bytes in size and contains machine code instructions for booting the machine, called a boot loader, along with the partition table. Once the BIOS finds and loads the boot loader program into memory, it yields control of the boot process to it.

5.1.1 Linux Run levels Mode/Run Level www.wilshiresoft.com [email protected]

Directory

Run Level Description

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux Boot Process

0 1 2 3 4 5 6

Page 25 of 167

/etc/rc.d/rc0.d /etc/rc.d/rc0.d /etc/rc.d/rc0.d /etc/rc.d/rc0.d /etc/rc.d/rc0.d /etc/rc.d/rc0.d Reboot

Halt Single-user mode Not used (user-definable) Full multi-user mode (No GUI) Not used (user-definable) Full multi-user mode (With GUI)

The Boot Loader Once the second stage boot loader is in memory, it presents the user with the Red Hat Linux initial, graphical screen showing the different operating systems or kernels it has been configured to boot. On this screen a user can use the arrow keys to choose which operating system or kernel they wish to boot and press [Enter]. If no key is pressed, the boot loader will load the default selection after a configurable period of time has passed. Note: If Symmetric Multi-Processor (SMP) kernel support is installed, there will be more than one option present the first time the system is booted. In this situation, LILO will display linux, which is the SMP kernel, and linux-up, which is for single processors. GRUB displays Red Hat Linux (kernelversion-smp), which is the SMP kernel, and Red Hat Linux (kernel-version), which is for single processors. If any problems occur using the SMP kernel, try selecting the non-SMP kernel upon rebooting. Once the second stage boot loader has determined which kernel to boot, it locates the corresponding kernel binary in the /boot/ directory. The kernel binary is named using the following format /boot/vmlinuz-kernel-version (where kernel-version corresponds to the kernel Version specified in the boot loader's settings). The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The kernel to load drivers necessary to boot the system uses the initrd. This is particularly important if SCSI hard drives are present or if the systems use the ext3 file system. Warning: Do not remove the /initrd/ directory from the file system for any reason. Removing this directory will cause the system to fail with a kernel panic error message at boot time.Once the kernel and the initrd image are loaded into memory, the boot loader hands control of the boot process to the kernel.

Boot Loaders for Other Architectures Once the Red Hat Linux kernel loads and hands off the boot process to the init command, the same sequence of events occurs on every architecture. So the main difference between each architecture's boot processes is in the application used to find and load the kernel. For example, the Alpha architecture uses the aboot boot loader, while the Itanium architecture uses the LILO boot loader.

The Kernel When the kernel is loaded, it immediately initializes and configures the computer's memory and configures the various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers. Next, it initializes virtual devices related to the file system, such as LVM or software RAID before unmounting the initrd disk image and freeing up all the memory the disk image once occupied. The kernel then creates a root device, mounts the root partition read-only, and frees any unused memory. At this point, the kernel is loaded into memory and operational. However, since there are no user applications that allow meaningful input to the system, not much can be done with it. In order to set up the user environment, the kernel executes the /sbin/init program.

5.2 System startup script /etc/rc.d/rc.sysinit This script does all of the major system setup and initialization. Here is a step-by-step rundown of the process that occurs when the script is run: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux Boot Process

Page 26 of 167

1. Checks for a /etc/sysconfig/network script. If it is there, the system runs it. Otherwise, it turns networking off and sets your hostname to “localhost.” 2. Executes /etc/rc.d/init.d/functions. This file sets up some basic functions that the rest of the scripts use. (Example: The boot daemon failure/success messages.) 3. Sets the loglevel. 4. Loads the keymap. If you have specified a default keyman file in /etc/sysconfig/console/default.kmap it will use that, otherwise it will use /etc/sysconfig/keyboard. 5. Loads the system fonts. 6. Activates all swap partitions specified in the /etc/fstab file. 7. Sets up your hostname and your NIS domain name. 8. Runs fsck to check your filesystem if necessary. If fsck fails, it will drop you to a shell and unmount the drives so you can work on repairing them. 9. Sets up ISA Plug-and-Play devices. 10. Remounts the root files system as read-write. 11. Checks quotas on the root partition. All modules will now be loaded. Note that the sound and midi modules will be loaded if there is an alias listed as sound or midi in the /etc/modules.conf. If your system requires a different module, you may need to edit the /etc/modules.conf file. 12. Checks for a /etc/raidtab file and loads all raid devices. 13. Checks your file systems with fsck again. 14. Mounts the rest of the file systems listed in the fstab. 15. Turns quota support on if /sbin/quotaon exists and is executable. 16. Sets the system clock. It will run /etc/sysconfig/clock if it exists. 17. Initializes swap space. 18. Initializes serial ports. 19. Loads SCSI tape module if a SCSI tape was detected. 20. Reads the /etc/sysconfig/desktop file for a preferred X11 Display Manager and sets a link file as /etc/X11/prefdm. 21. Finally it dumps the kernel ring buffer (Boot messages) to /var/log/dmesg. Important Files: /var/log/boot.log /var/log/messages /var/log/dmesg

System shutdown and rebooting The "init" command will allow you to change the current runlevel. Halt / Shutdown The System [root@skynet tmp]# init 0 Reboot The System [root@skynet tmp]# init 6

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux Boot Process

Page 27 of 167

5.2.1 Controlling the boot time services using “chkconfig” Most RedHat packages place a startup script in the directory /etc/init.d and place symbolic links (pointers) to this script in the appropriate /etc/rc.d/rc.X directory. The typical home/SOHO user doesn't have to be a scripting / symbolic linking guru to make sure everything works right because RedHat / RedHat comes with a nifty utility called "chkconfig" to do it for you. Use this command to get a full listing of packages listed in /etc/init.d and the runlevels at which they will be "on" or "off" [root@skynet keytable atd syslog gpm kudzu wlan sendmail netfs network random ...

tmp]# 0:off 0:off 0:off 0:off 0:off 0:off 0:off 0:off 0:off 0:off

chkconfig --list 1:on 2:on 3:on 1:off 2:off 3:on 1:off 2:on 3:on 1:off 2:on 3:on 1:off 2:off 3:on 1:off 2:on 3:on 1:off 2:off 3:on 1:off 2:off 3:on 1:off 2:on 3:on 1:off 2:on 3:on

4:on 4:on 4:on 4:on 4:on 4:on 4:off 4:on 4:on 4:on

5:on 5:on 5:on 5:on 5:on 5:on 5:on 5:on 5:on 5:on

6:off 6:off 6:off 6:off 6:off 6:off 6:off 6:off 6:off 6:off

Chkconfig Examples You can use chkconfig to change runlevels for particular packages. Here we see Sendmail will start with a regular startup at runlevel 3 or 5. Let's change it so that Sendmail doesn't startup at boot. Use Chkconfig To Get A Listing Of Sendmail's Current Startup Options [root@skynet tmp]# chkconfig --list | grep mail sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off [root@skynet tmp]#

Switch Off Sendmail Starting Up In Levels 3 and 5 [root@skynet tmp]# chkconfig --level 35 sendmail off

Doublecheck That Sendmail Will Not Startup [root@skynet tmp]# chkconfig --list | grep mail sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@skynet tmp]# Turn it back on again [root@skynet tmp]# chkconfig --level 35 mail on [root@skynet tmp]# chkconfig --list | grep mail sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off [root@skynet tmp]#

Note: We can also use the command line tool “setup” to control the services at boot time and GUI tool redhatconfig-services.

5.2.2 The “service” command After when the system is up and running we can start/stop/restart and see the status of service using “service” command as follows: [root@skynet tmp]# service start/stop/restart/status www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux Boot Process

Page 28 of 167

Eg:To see the status of a service [root@skynet tmp]#service nfs status service nfs is running with pid 485…. To stop and start a service [root@skynet tmp]#service nfs restart Stoping service nfs [OK] Starting service nfs [OK]

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - File System

Page 29 of 167

6. Linux File System 6.1 Ex2 and Ext3 FIlesystem Ext2 The origins of Ext2 go back to the early days of Linux history. Its predecessor, the Extended File System, was implemented in April 1992 and integrated in Linux 0.96c. The Extended File System underwent a number of modifications and, as Ext2, became the most popular Linux file system for years. With the creation of journaling file systems and their astonishingly short recovery times, Ext2 became less important. Solidity Being quite an “old-timer”, Ext2 underwent many improvements and was heavily tested. This may be the reason why people often refer to it as rock-solid. After a system outage when the file system could not be cleanly unmounted, e2fsck starts to analyze the file system data. Metadata is brought into a consistent state and pending files or data blocks are written to a designated directory (called lost+found). In contrast to journaling file systems, e2fsck analyzes the entire file system and not just the recently modified bits of metadata. This takes significantly longer than checking the log data of a journaling file system. Depending on file system size, this procedure can take half an hour or more. Therefore, it is not desirable to choose Ext2 for any server that needs high availability. Yet, as Ext2 does not maintain a journal and uses significantly less memory, it is sometimes faster than other file systems. Easy Upgradability The code for Ext2 is the strong foundation on which Ext3 could become a highly-acclaimed next-generation file system. Its reliability and solidity were elegantly combined with the advantages of a journaling file system. Ext3 Ext3 was designed by Stephen Tweedie. In contrast to all other “next-generation” file systems, Ext3 does not follow a completely new design principle. It is based on Ext2. These two file systems are very closely related to each other. An Ext3 file system can be easily built on top of an Ext2 file system. The most important difference between Ext2 and Ext3 is that Ext3 supports journaling. In summary, Ext3 has three major advantages to offer: Easy and Highly Reliable Upgrades from Ext2 As Ext3 is based on the Ext2 code and shares its on-disk format as well as its metadata format, upgrades from Ext2 to Ext3 are incredibly easy. Unlike transitions to other journaling file systems, such as ReiserFS, JFS, or XFS, which can be quite tedious (making backups of the entire file system and recreating it from scratch), a transition to Ext3 is a matter of minutes. It is also very safe, as the recreation of an entire file system from scratch might not work flawlessly. Considering the number of existing Ext2 systems that await an upgrade to a journaling file system, you can easily figure out why Ext3 might be of some importance to many system administrators. Downgrading from Ext3 to Ext2 is as easy as the upgrade. Just perform a clean unmount of the Ext3 file system and remount it as an Ext2 file system. Reliability and Performance Other journaling file systems follow the “metadata-only” journaling approach. This means your metadata will always be kept in a consistent state but the same cannot be automatically guaranteed for the file system data itself. Ext3 is designed to take care of both metadata and data. The degree of “care” can be customized. Enabling Ext3 in the data=journal mode offers maximum security (i.e., data integrity), but can slow down the system as both metadata and data are journaled. A relatively new approach is to use the data=ordered mode, which ensures both data and metadata integrity, but uses journaling only for metadata. The file system driver collects all data blocks that correspond to one metadata update. These blocks are grouped as a “transaction” and will be written to disk before the metadata is updated. As a result, consistency is achieved for metadata and data without sacrificing performance. A third option to use is data=writeback, which allows data to be written into the main file system after its metadata has been committed to the journal. This option is often considered the best in performance. It can, however, allow old data to reappear in files after crash and recovery while internal file system integrity is maintained. Unless you specify something else, Ext3 is run with the data=ordered default. Until recently (RedHat 7.1 and earlier), the Ext2 filesystem has been the Linux default. Ext2 is a technological miracle. Low fragmentation, redundant enough to be reliably regenerated on error yet diskspace efficient, fast, and adaptable. But when the computer is rebooted or powered off without correctly shutting down, Ext2

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - File System

Page 30 of 167

filesystems are placed in an error state. When the computer comes back up, the user is confronted with some mildly confusing, and very intimidating, messages and choices. Journalized filesystems are made to eliminate such error messages. The Ext3 filesystem is an Ext2 filesystem with a journal file and some filesystem driver additions making the filesystem journalized. tune2fs -j command, which is the primary command for converting from Ext2 to Ext3, is safe to run even on writeable mounted partitions. However, when possible, I run the command on unmounted or read-only mounted partitions. It might be superstitious, but I feel that is playing it safe. Nevertheless, when confronted with situations making unmounting difficult, I run the command on writeable mounted partitions. Note: From RedHat Linux 7.2 onwards Ext3 is used as the default File system.

Converting from Ext2 to Ext3 [root@skynet tmp]# tune2fs -j /dev/hda10 To list the partition information [root@skynet tmp]#fdisk -l Disk /dev/hdb: 80.0 GB, 80026361856 bytes 255 heads, 63 sectors/track, 9729 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hda1 * 1 13 104391 83 Linux /dev/hda2 14 144 1052257+ 83 Linux /dev/hda3 145 398 2040255 82 Linux /dev/hda3 145 398 2040255 82 Linux swap /dev/hda4 399 913 4136737+ 5 Extended /dev/hda5 399 844 3582463+ 83 Linux /dev/hda6 845 913 554211 83 Linux

6.2 Preparing Partitions on Disks What is a partition? Partitioning is a means to divide a single hard drive into many logical drives. A partition is a contiguous set of blocks on a drive that are treated as an independent disk. A partition table is an index that relates sections of the hard drive to partitions. Constraints   

Partitions must not overlap. This will cause data corruption. There should not be any gap between adjacent partitions. While this is not harmful, you are wasting precious disk space by leaving space between partitions. Partitions cannot be moved but they can be resized and copied using special software.

6.2.1 Device Naming Convention By convention, IDE drives will be given device names /dev/hda to /dev/hdd. Hard Drive A(/dev/hda) is the first drive and Hard Drive C /dev/hdc) is the third.

IDE controller naming convention drive name

drive controller

drive number

/dev/hda

1

1

/dev/hdb

1

2

/dev/hdc

2

1

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - File System

/dev/hdd

Page 31 of 167

2

2

A typical PC has two IDE controllers, each of which can have two drives connected to it. For example, /dev/hda is the first drive (master) on the first IDE controller and /dev/hdd is the second (slave) drive on the second controller (the fourth IDE drive in the computer). SCSI drives follow a similar pattern; they are represented by 'sd' instead of 'hd'. The first partition of the second SCSI drive would therefore be /dev/sdb1. In the table above, the drive number is arbitraily chosen to be 6 to introduce the idea that SCSI ID numbers do not map onto device names under linux.

Table 4. SCSI Drives drive name

drive controller

drive number

partition type

partition number

/dev/sda1

1

6

primary

1

/dev/sda2

1

6

primary

2

/dev/sda3

1

6

primary

3

6.2.3 Adding a New Partition 1. The first Linux step in adding a new disk is to partition it in preparation of adding a filesystem to it. This is done with the fdisk command followed by the name of the disk. In our case we want to run fdisk on the /dev/hdb disk. [root@skynet tmp]# fdisk /dev/hdb The number of cylinders for this disk is set to 9729. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) Software that runs at boot time (e.g., old versions of LILO) 2) Booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) 2. Just to make sure we're on the correct device, issue the "p" command to print all the known partitions on the disk. In this case there are none which is good. Command (m for help): p Disk /dev/hdb: 80.0 GB, 80026361856 bytes 255 heads, 63 sectors/track, 9729 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks

Id

System

3. The fdisk "m" command will give you a print a small help manual of valid commands. You will see that "n" is the command to add a new partition. We'll add a new primary partition, number "1" and use the defaults to make the partition occupy the entire disk. Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-9729, default 1): Using default value 1 Last cylinder or +size or +sizeM or +sizeK (1-9729, default 9729):

4. The print command will now show that you have successfully created the partition. Command (m for help): p Disk /dev/hdb: 80.0 GB, 80026361856 bytes 255 heads, 63 sectors/track, 9729 cylinders www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - File System

Page 32 of 167

Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks /dev/hdb1 1 9726 78148161

Id 83

System Linux

5. Changes won't be made to the disk's partition table until you use the "w" command to "write", or save the changes. When finished, the "q" command will allow you to exit. Command (m for help): w Command (m for help): q

6.2.2 Verify the New Partition [root@skynet tmp]#fdisk -l /dev/hdb Now create the File system mke2fs [root@skynet tmp]#mke2fs /dev/hdb1

6.3 Managing Swap Space Swap space is a generic term for disk storage used to increase the amount of apparent memory available on the system. Under Linux, swap space is used to implement paging, a process whereby memory pages (a page is 4096 bytes on Intel systems; this value can differ on other architectures) are written out to disk when physical memory is low and read back into physical memory when needed. The process by which paging works is rather involved, but it is optimized for certain cases. The virtual memory subsystem under Linux allows memory pages to be shared between running programs.

6.3.1 Creating Swap Space The first step in adding additional swap is to create a file or partition to host the swap area. If you wish to create an additional swap partition, you can create the partition using the fdisk utility, as described above. To create a swap file, you'll need to open a file and write bytes to it equaling the amount of swap you wish to add. One easy way to do this is with the dd command. For example, to create an 8-MB swap file, you can use the command: dd if=/dev/zero of=/swap bs=1024 count=8192 This will write 8192 blocks (8 MB) of data from /dev/zero to the file/swap. (/dev/zerois a special device in which read operations always return null bytes. It's something like the inverse of/dev/null.) After creating a file of this size, it's a good idea to use the sync command to sync the filesystems in case of a system crash. Use the mkswap command to "format" the swap area. For example, for the swap file created in the previous example, you would use the command: mkswap -c /swap 8192 If the swap area is a partition, you would substitute the name of the partition (such as /dev/hda3) and the size of the partition, also in blocks. mkswap –c /dev/hda3

Enabling the Swap Space In order for the new swap space to be utilized, you must enable it with the swapon command. For example, after creating the previous swap file and running mkswap and sync, we could use the command: swapon /swap If you are using a new swap partition, you can enable it with a command such as: swapon /dev/hda3

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - File System

Page 33 of 167

Add the entirs /etc/fstab file so that swap gets enabled each time we booting the systemcontains the entries: # device /dev/hda3 /swap

directory none swap

type swap swap

options sw defaults

fsck options 0 0 0 0

Disabling Swap Space As is usually the case, undoing a task is easier than doing it. To disable swap space, simply use the command: swapoff swapoff /dev/hda3 (or) swapoff /swap To list swap details use: free or swapon -s

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux File System Hiierarchy (FHS)

Page 34 of 167

7. Overview of Linux File System Hierarchy Standard (FHS) Red Hat is committed to the Filesystem Hierarchy Standard (FHS), a collaborative document that defines the names and locations of many files and directories. The FHS document is the authoritative reference to any FHS-compliant file system, but the standard leaves many areas undefined or extensible. This section is an overview of the standard and a description of the parts of the file system not covered by the standard. Compliance with the standard means many things, but the two most important are compatibility with other compliant systems and the ability to mount a /usr/ partition as read-only because it contains common executables and should not be changed by users. Since the /usr/ directory is mounted read-only, it can be mounted from the CD-ROM or from another machine via a read-only NFS mount.

7.1 FHS Organization The directories and files noted here are small subsets of those specified by the FHS document. Refer to the latest FHS document for the most complete information.

The /dev/ Directory The /dev/ directory contains file system entries which represent devices that are attached to the system. These files are essential for the system to function properly.

The /etc/ Directory The /etc/ directory is reserved for configuration files that are local to the machine. No binaries are to be put in /etc/. Any binaries that were once located in /etc/ should be placed into /sbin/ or possibly /bin/. The X11/ and skel/ directories are subdirectories of the /etc/ directory: /etc |- X11/ |- skel/ The /etc/X11/ directory is for X11 configuration files such as XF86Config. The /etc/skel/ directory is for "skeleton" user files, which are used to populate a home directory when a user is first created.

The /lib/ Directory The /lib/ directory should contain only those libraries that are needed to execute the binaries in /bin/ and /sbin/. These shared library images are particularly important for booting the system and executing commands within the root file system.

The /mnt/ Directory The /mnt/ directory is for temporarily mounted file systems, such as CD-ROMs and fioppy disks.

The /opt/ Directory The /opt/ directory provides storage for large, static application software packages. A package placing files in the /opt/ directory creates a directory bearing the same name as the package. This directory in turn holds files that otherwise would be scattered throughout the file system, giving the system administrator an easy way to determine the role of each file within a particular package. For example, if sample is the name of a particular software package located within the /opt/ directory, then all of its files could be placed within directories inside the /opt/sample/ directory, such as /opt/sample/bin/ for binaries and /opt/sample/man/ for manual pages.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux File System Hiierarchy (FHS)

Page 35 of 167

Large packages that encompass many different sub-packages, each of which accomplish a particular task, also go within the /opt/ directory, giving that large package a standardized way to organize itself. In this way, our sample package may have different tools that each go in their own subdirectories, such as /opt/sample/tool1/ and /opt/sample/tool2/, each of which can have their own bin/, man/, and other similar directories.

The /proc/ Directory The /proc/ directory contains special files that either extract information from or send information to the kernel. Due to the great variety of data available within /proc/ and the many ways this directory can be used to communicate with the kernel, an entire chapter has been devoted to the subject.

The /sbin/ Directory The /sbin/ directory is for executables used only by the root user. The executables in /sbin/ are only used to boot and mount /usr/ and perform system recovery operations. The FHS says: "/sbin typically contains files essential for booting the system in addition to the binaries in /bin. Anything executed after /usr is known to be mounted (when there are no problems) should be placed in /usr/sbin. Local-only system administration binaries should be placed into /usr/local/sbin." At a minimum, the following programs should be in /sbin/: arp, clock, getty, halt, init, fdisk, fsck.*, grub, ifconfig, lilo, mkfs.*, mkswap, reboot, route, shutdown, swapoff, swapon, update

The /usr/ Directory The /usr/ directory is for files that can be shared across a whole site. The /usr/ directory usually has its own partition, and it should be mountable read-only. At minimum, the following directories should be subdirectories of /usr/: /usr |- bin/ |- dict/ |- doc/ |- etc/ |- games/ |- include/ |- kerberos/ |- lib/ |- libexec/ |- local/ |- sbin/ |- share/ |- src/ |- tmp -> ../var/tmp/ |- X11R6/ The bin/ directory contains executables, dict/ contains non-FHS compliant documentation pages, etc/ contains system-wide configuration files, games is for games, include/ contains C header files, kerberos/ contains binaries and much more for Kerberos, and lib/ contains object files and libraries that are not designed to be directly utilized by users or shell scripts. The libexec/ directory contains small helper programs called by other programs, sbin/ is for system administration binaries (those that do not belong in the /sbin/ directory), share/ contains files that are not architecture specific, src/ is for source code, and X11R6/ is for the X Window System (XFree86 on Red Hat Linux). www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux File System Hiierarchy (FHS)

Page 36 of 167

The /usr/local/ Directory The FHS says: "The /usr/local hierarchy is for use by the system administrator when installing software locally. It needs to be safe from being overwritten when the system software is updated. It may be used for programs and data that are shareable among a group of hosts, but not found in /usr." The /usr/local/ directory is similar in structure to the /usr/ directory. It has the following subdirectories, which are similar in purpose to those in the /usr/ directory: /usr/local |- bin/ |- doc/ |- etc/ |- games/ |- include/ |- lib/ |- libexec/ |- sbin/ |- share/ |- src/

The /var/ Directory Since the FHS requires Linux to mount /usr/ read-only, any programs that write log files or need spool/ or lock/ directories should write them to the /var/ directory. The FHS states /var/ is for: "...variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files." Below are some of the directories which should be subdirectories of the /var/ directory: /var |- account/ |- arpwatch/ |- cache/ |- crash/ |- db/ |- empty/ |- ftp/ |- gdm/ |- kerberos/ |- lib/ |- local/ |- lock/ |- log/ |- mail -> spool/mail/ |- mailman/ |- named/ |- nis/ |- opt/ |- preserve/ |- run/ |- spool/ |- anacron/ |- at/ |- cron/ |- lpd/ |- mail/ |- mqueue/ |- rwho/ |- samba/ |- squid/ |- tmp/ |- yp/

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux File System Hiierarchy (FHS)

Page 37 of 167

System log files such as messages/ and lastlog/ go in the /var/log/ directory. The /var/lib/rpm/ directory also contains the RPM system databases. Lock files go in the /var/lock/ directory, usually in directories particular for the program using the file. The /var/spool/ directory has subdirectories for various systems that need to store data files.

7.1.2. /usr/local/ in Red Hat Linux In Red Hat Linux, the intended use for the /usr/local/ directory is slightly different from that specified by the FHS. The FHS says that /usr/local/ should be where software that is to remain safe from system software upgrades is stored. Since system upgrades from under Red Hat Linux performed safely with the rpm command and graphical Package Management Tool application, it is not necessary to protect files by putting them in /usr/local/. Instead, the /usr/local/ directory is used for software that is local to the machine. For instance, if the /usr/ directory is mounted as a read-only NFS share from a remote host, it is still possible to install a package or program under the /usr/local/ directory.

7.2. Special File Locations Red Hat Linux extends the FHS structure slightly to accommodate special files. Most files pertaining to the Red Hat Package Manager (RPM) are kept in the /var/lib/rpm/ directory. The /var/spool/up2date/ directory contains files used by Red Hat Update Agent, including RPM header information for the system. This location may also be used to temporarily store RPMs downloaded while updating the system. Another location specific to Red Hat Linux is the /etc/sysconfig/ directory. This directory stores a variety of configuration information. Many scripts that run at boot time use the files in this directory. Finally, one more directory worth noting is the /initrd/ directory. It is empty, but is used as a critical mount point during the boot process. The sysconfig Directory The /etc/sysconfig/ directory is where a variety of system configuration files for Red Hat Linux are stored. Here we will outline some of the files found in the /etc/sysconfig/ directory. The information here is not intended to be complete, as many of these files have a variety of options that are only used in very specific or rare circumstances.

7.3 Files in the /etc/sysconfig/ Directory The following files are normally found in the /etc/sysconfig/ directory: |||||||||||||||||||||-

amd apmd arpwatch authconfig cipe clock desktop dhcpd firstboot gpm harddisks hwconf i18n identd init ipchains iptables irda keyboard kudzu mouse

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Linux File System Hiierarchy (FHS)

|||||||||||||||||||-

Page 38 of 167

named netdump network ntpd pcmcia radvd rawdevices redhat-config-securitylevel redhat-config-users redhat-logviewer samba sendmail soundcard spamassassin squid tux ups vncservers xinetd

Note: If some of the files listed are not present in the /etc/sysconfig/ directory, then the corresponding program may not be installed.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Desktop Environments

Page 39 of 167

8. Linux Desktop Enviornments A desktop environment (or window manager) is the graphic environment that you use to interface with your computer. One of the most common "desktop environments" is the explorer interface on Microsoft Windows, where you have a start menu, desktop icons, etc. Within Linux each desktop environment has its own interface, as well as system menu, login managers and developer tools. One advantage you have with Linux is that you have a choice on what desktop environment you use. Today, there are two major desktop environments that populate the majority of Linux desktop installations, GNOME and KDE. There are other Window managers available, but unless you run Linux on older hardware, GNOME and KDE are by far the most popular desktop environments available.

8.1 GNOME Fedora Linux is the only distribution here to include the latest 2.6 series of the GNOME Desktop. The biggest change from the 2.4 series to the 2.6 series is that nautilus uses a "spatial" interface instead of the standard browser type interface. The good news is that the "spatial" interface speeds up nautilus. It is reminiscent of the way older Microsoft Windows Explorers would always "open in new window" by default. Maybe if it could be configured to use the same window I would like it, but I guess that is what makes it "spatial"

. Fedora's default GNOME Desktop Overall Fedora and RedHat’s implementation of GNOME seems relatively stable, but not as stable as the 2.4 series. The interface is "themed" away from the default GNOME look into a theme that is called BlueCurve. The BlueCurve look is a nice looking theme that includes new Window Decorations, Colors and Icons. The desktop is also rearranged from the default GNOME look, you no longer have the top panel, and the bottom panel is overly large for GNOME. If you remember how GNOME 1.x series looked, this is very similar. Mandrake utilizes a very standard GNOME 2.4 series desktop. The only real change is the inclusion of a new theme called Galaxy, and a customized "start menu" to allow organized access to applications across the different Desktop Environments.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Desktop Environments

Page 40 of 167

Mandrake's default GNOME Desktop Suse Linux also includes the GNOME 2.4 series desktop. Unlike Mandrake though, it is somewhat customized, but in such a way that you don't notice it right away. Most of the customizations come from Ximian's work on the GNOME desktop, which makes sense because Novell also acquired Ximian as well as Suse. The biggest change is the inclusion of Ximian's patches to GTK. Because of the this, most of the dialog boxes are tweaked a little allowing for a better user experience. There are also small changes, such as Ximian's Industrial theme being the default look.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Desktop Environments

Page 41 of 167

Suse's default GNOME Desktop

8.2 KDE RedHat’s Linux's implementation of KDE strays drastically from the default KDE desktop from KDE.org. The desktop is themed in such a way to look exactly like Fedora's GNOME desktop. Unfortunately in its default state, the desktop is extremely not user friendly. An example is there is no easy way to open a file manager on the Desktop, Taskbar or Menus. The only way to open a file manager is to go through the menus and find the Konqueror web browser and once the program launches, you must hit the home icon which will bring you to the home directory. I guess if you didn't know that Konqueror also doubles as a file manager you would be out of luck when it came to a file manager. If you prefer the default KDE desktop from KDE.org, it is nearly impossible to get there with Fedora's implementation. Fedora really needs a nice wizard on startup that would ask you which theme to use for KDE, the Bluecurve (Fedora's) theme or the default KDE theme.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Desktop Environments

Page 42 of 167

Fedora's default KDE Desktop

Mandrake's KDE desktop is very clean, but generic looking. Mandrake's changes mostly just include a customized "start menu", the Galaxy theme and various other settings that are changed from a default KDE installation, such as double-clicking to launch a file instead of a single click.

Mandrake's default KDE Desktop Suse's KDE desktop is the most polished of these three distributions. It is also the desktop that is the most similar to a default KDE desktop from KDE.org.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration - Desktop Environments

Page 43 of 167

Suse's default KDE Desktop Suse's changes includes a customized "start menu", as well as customized applets, such as applets for hardware control, the dialup Internet Connection and Power Management applets.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 44 of 167

9. Linux Accout Management 9.1 Managing User Accounts Managing user accounts and groups is an essential part of system administration within an organization. But to do this effectively, a good system administrator must first understand what user accounts and groups are and how they work. The primary reason for user accounts is to verify the identity of each individual using a computer system. A secondary (but still important) reason for user accounts is to permit the per-individual tailoring of resources and access privileges. Resources can include files, directories, and devices. Controlling access to these resources is a large part of a system administrator's daily routine; often the access to a resource is controlled by groups. Groups are logical constructs that can be used to cluster user accounts together for a common purpose. For example, if an organization has multiple system administrators, they can all be placed in one system administrator group. The group can then be given permission to access key system resources. In this way, groups can be a powerful tool for managing resources and access Who Is The Super User? The super user with unrestricted access to all system resources and files is the user named "root". You will need to log in as user root to add new users to your Linux box

9.1.2 Passwds In more formal terms, a password provides a means of proving the authenticity of a person's claim to be the user indicated by the username. The effectiveness of a password-based authentication scheme relies heavily on several aspects of the password:   

The secrecy of the password The resistance of the password to guessing The resistance of the password to a brute-force attack

Weak Passwords Weak password fails one of these three tests:   

It is secret It is resistant to being guessed It is resistant to a brute-force attack

Password Aging Password aging is a feature (available in many operating systems) that sets limits on the time that a given password is considered valid. At the end of a password's lifetime, the user is prompted to enter a new password, which can then be used until, it too, expires. The key question regarding password aging that many system administrators face is that of the password lifetime. What should it be? There are two diametrically-opposed issues at work with respect to password lifetime:  

User convenience Security

On one extreme, a password lifetime of 99 years would present very little (if any) user inconvenience. However, it would provide very little (if any) security enhancement.

9.1.3 Files Controlling User Accounts and Groups The following section documents the files in the /etc/ directory that store user and group information under Red Hat Linux. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 45 of 167

/etc/passwd The /etc/passwd file is world-readable and contains a list of users, each on a separate line. On each line is a colon delimited list containing the following information: Username — The name the user types when logging into the system. Password — Contains the encrypted password (or an x if shadow passwords are being used — more on this later). User ID (UID) — The numerical equivalent of the username which is referenced by the system and applications when determining access privileges. Group ID (GID) — The numerical equivalent of the primary group name which is referenced by the system and applications when determining access privileges. GECOS — Named for historical reasons, the GECOS field is optional and is used to store extra information (such as the user's full name). Multiple entries can be stored here in a comma delimited list. Utilities such as finger access this field to provide additional user information. Note: GECOS stands for General Electric Comprehensive Operating Supervisor Home directory — The absolute path to the user's home directory, such as /home/juan/. Shell — The program automatically launched whenever a user logs in. This is usually a command interpreter (often called a shell). Under Red Hat Linux, the default value is /bin/bash. If this field is left blank, /bin/sh is used. If it is set to a non-existent file, then the user will be unable to log into the system.

Here is an example of a /etc/passwd entry: root:x:0:0:root:/root:/bin/bash This line shows that the root user has a shadow password, as well as a UID and GID of 0. The root user has /root/ as a home directory, and uses /bin/bash for a shell. For more information about /etc/passwd, see the passwd(5) man page

/etc/shadow The /etc/shadow file is readable only by the root user and contains password (and optional password aging information) for each user. As in the /etc/passwd file, each user's information is on a separate line. Each of these lines is a colon delimited list including the following information: Username — The name the user types when logging into the system. This allows the login application to retrieve the user's password (and related information). Encrypted password — The 13 to 24 character password. The password is encrypted using either the crypt(3) library function or the md5 hash algorithm. In this field, values other than a validly-formatted encrypted or hashed password are used to control user logins and to show the password status. For example, if the value is ! or *, the account is locked and the user is not allowed to log in. If the value is !! a password has never been set before (and the user, not having set a password, will not be able to log in). Date password last changed — The number of days since January 1, 1970 (also called the epoch) that the password was last changed. This information is used in conjunction with the password aging fields that follow. Number of days before password can be changed — The minimum number of days that must pass before the password can be changed. Number of days before a password change is required — The number of days that must pass before the password must be changed. Number of days warning before password change — The number of days before password expiration during which the user is warned of the impending expiration. Number of days before the account is disabled — The number of days after a password expires before the account will be disabled. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 46 of 167

Date since the account has been disabled — The date (stored as the number of days since the epoch) since the user account has been disabled. A reserved field — A field that is ignored in Red Hat Linux. Here is an example line from /etc/shadow:       

juan:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096: This line shows the following information for user juan: The password was last changed February 11, 2005 There is no minimum amount of time required before the password can be changed The password must be changed every 90 days The user will get a warning five days before the password must be changed The account will be disabled 30 days after the password expires if no login attempt is made The account will expire on November 9,2005

For more information on the /etc/shadow file, see the shadow (5) man page.

/etc/group The /etc/group file is world-readable and contains a list of groups, each on a separate line. Each line is a four field, colon delimited list including the following information: Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group. Group password — If set, this allows users that are not part of the group to join the group by using the newgrp command and typing the password stored here. If a lower case x is in this field, then shadow group passwords are being used. Group ID (GID) — The numerical equivalent of the group name. It is used by the operating system and applications when determining access privileges. Member list — A comma delimited list of the users belonging to the group. Here is an example line from /etc/group: general:x:502:juan,shelley,bob This line shows that the general group is using shadow passwords, has a GID of 502, and that juan, shelley, and bob are members. For more information on /etc/group, see the group(5) man page.

/etc/gshadow The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as well as group membership and administrator information. Just as in the /etc/group file, each group's information is on a separate line. Each of these lines is a colon delimited list including the following information: Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group. Encrypted password — The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command. If the value of this field is !, then no user is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of ! — however, it also indicates that a password has never been set before. If the value is null, only group members can log into the group. Group administrators — Group members listed here (in a comma delimited list) can add or remove group members using the gpasswd command. Group members — Group members listed here (in a comma delimited list) are regular, non-administrative members of the group. Here is an example line from /etc/gshadow: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 47 of 167

general:!!:shelley:juan,bob This line shows that the general group has no password and does not allow non-members to join using the newgrp command. In addition, shelley is a group administrator, and juan and bob are regular, non-administrative members.

9.2 User Management Commands The following table describes some of the more common command line tools used to create and manage user accounts and groups: Application

Function

/usr/sbin/useradd

Adds user accounts. This tool is also used to specify primary and secondary group membership.

/usr/sbin/userdel

Deletes user accounts.

/usr/sbin/usermod

Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership.

passwd

Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging.

/usr/sbin/chpasswd

Reads in a file consisting of username and password pairs, and updates each users' password accordingly.

chage

Changes the user's password aging policies. The passwd command can also be used for this purpose.

Chfn

Changes the user's GECOS information.

chsh

Changes the user's default shell

/usr/sbin/groupadd

Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group.

/usr/sbin/groupdel

Deletes groups.

/usr/sbin/groupmod

Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group.

gpasswd

Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators.

/usr/sbin/grpck

Checks the integrity of the /etc/group and /etc/gshadow files.

File Permission Applications File permissions are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose. Application

Function

chgrp

Changes which group owns a given file.

chmod

Changes access permissions for a given file. It is also capable of assigning special permissions.

chown

Changes a file's ownership (and can also change group).

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 48 of 167

Home Directories Another issue facing system administrators is whether or not users should have centrally-stored home directories. The primary advantage of centralizing home directories on a network-attached server is that if a user logs into any machine on the network, they will be able to access the files in their home directory. The disadvantage is that if the network goes down, users across the entire organization will be unable to get to their files. In some situations (such as organizations that make widespread use of laptops), having centralized home directories may not be desirable. But if it makes sense for your organization, deploying centralized home directories can make a system administrator's life much easier.

Adding Users Adding users takes some planning, read through the steps below before starting: Arrange your list of users into groups by function. In this example there are three groups "marketing", "production" and "accounts". Marketing Production Accounts Paul Alice Accounts Jane Derek Sales Add the Linux groups to your server: [root@skynet tmp]# groupadd marketing [root@skynet tmp]# groupadd production [root@skynet tmp]# groupadd accounts Add the Linux users, assign them to their respective groups [root@skynet [root@skynet [root@skynet [root@skynet [root@skynet [root@skynet

tmp]# tmp]# tmp]# tmp]# tmp]# tmp]#

useradd useradd useradd useradd useradd useradd

-g -g -g -g -g -g

marketing paul marketing jane production derek production alice accounts accounts accounts sales

If you don't specify the group with the "-g", RedHat / RedHat Linux will create a group with the same name as the user you just created. When each new user first logs in, they will be prompted for their new permanent password. Note: The /etc/login.defs file contains useradd command defaults for user aging, home directory and password policy. Each user's personal directory will be placed in the /home directory. The directory name will be the same as their user name. [root@skynet drwxr-xr-x drwx-----drwx-----drwx-----drwx-----drwx-----drwx------

tmp]# ll /home 2 root root 2 accounts accounts 2 alice production 2 derek production 2 jane marketing 2 paul marketing 2 sales accounts

12288 Jul 24 20:04 lost+found 1024 Jul 24 20:33 accounts 1024 Jul 24 20:33 alice 1024 Jul 24 20:33 derek 1024 Jul 24 20:33 jane 1024 Jul 24 20:33 paul 1024 Jul 24 20:33 sales

Changing Passwords You'll need to create passwords for each account. This is done with the "passwd" command. You will be prompted once for your old password and twice for the new one. User "root" changing the password for user "paul" [root@skynet root]# passwd paul Changing password for user paul. New password: Retype new password: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 49 of 167

passwd: all authentication tokens updated successfully. [root@skynet root]# Users may wish to change their passwords at a future date. Here is how unprivileged user "paul" would change his own password. [paul@skynet paul]$ passwd Changing password for paul Old password: your current password Enter the new password (minimum of 5, maximum of 8 characters) Please use a combination of upper and lower case letters and numbers. New password: your new password Re-enter new password: your new password Password changed.

Delete Users The userdel command is used. The "-r" flag removes all the contents of the user's home directory [root@skynet tmp]# userdel -r paul How to Tell the groups to which a user belongs? Use the "groups" command with the username as the argument [root@skynet root]# groups paul paul : marketing [root@skynet root]#

Setup User Aging [root@skynet root]#chage –l paul [root@skynet root]#chage –I 5 –m 10 –M 20 –W 15 –E 06/23/05 [root@skynet root]#chage –l paul Here in the above example: -I is number of days a user can remain inactive -m minimum no. of days before a user can change his password from the current day. -M Maximum no. of days a user can keep his password from the current day. -W will receive a warning to change his/her password from the current day -E password expiry date i.e June 23rd 2005 Important Files /etc/passwd, /etc/shadow /etc/login.defs /etc/skel, /etc/bashrc, /etc/profile

9.3 Setting Up Quotas 9.3.1 Understanding Disk Quotas Quotas are used to limit a user's or a group of users' ability to consume disk space. This prevents a small group of users from monopolizing disk capacity and potentially interfering with other users or the entire system. Disk quotas are often used by ISPs, Web Hosting companies, on FTP sites, or on corporate file servers to ensure continued availability of their systems. Users can compromise availability by uploading files to the point of filling a file system (by default, there is nothing stopping this from happening). Once the file system is full, other users are effectively denied upload access to the disk (a denial of service). If the file system that fills is the root file system (/), this could also result in system instability or even a crash. There are two limitations you can set up to manage disk consumption. You can limit the number of inodes a user may have, and you can also limit the number of disk blocks a user's files may consume. Linux uses one inode for each file a user has on a file system. Setting a maximum on the number of inodes a user may consume prevents www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 50 of 167

a user from creating an excessive number of files. By limiting the number of disk blocks a user may consume, you limit the total amount of storage a user may have regardless of how many files they may have (i.e., either a small number of large files, or a large number of small files). We can use the following commands and their associated man pages: quotaon /fs Enables quotas for the /fs file system. quotaoff Disables quota tracking. edquota name Edits the quota settings for user name. Can also be used to set defaults. quota Allows users to see their current resource consumption and limits. repquota Generates a report of disk consumption by all users for a quota-enabled file system. quotacheck Scans a file system

9.3.2 Settingup and configuring the Quotas Enter Single User Mode As we'll need to remount the /home filesystem it's best to ensure that no other users or processes are using it. This is best achieved by entering single user mode from the console. This may be unnecessary if you are certain that you're the only user on the system. Entering single user mode will automatically log off all users and stop cron jobs. It is best to do this after hours in a business environment. Here is a quick procedure to do this: 1. Use the "who" command to see who's logged in. If there are any, besides yourself, send a message informing them that the system is about to shutdown with the "wall" command. [root@skynet tmp]# who root pts/0 Nov 6 14:46 (192-168-1-242.my-site.com) bob pts/0 Nov 6 12:01 (192-168-1-248.my-site.com) bunny pts/0 Nov 6 16:25 (192-168-1-250.my-site.com) [root@skynet tmp]# wall The system is shutting down now! Broadcast message from root (pts/0) (Sun Nov 7 15:04:27 2004): The system is shutting down now! 2. The next step is to log into the VGA console and enter single user mode. [root@skynet tmp]# init 1 Edit your /etc/fstab File The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. You have to alert Linux that quotas are enabled on the filesystem by editing the /etc/fstab file and modifying the options for the /home directory. You'll need to add the usrquota option. In case you forget the name, the usrquota option is mentioned in the fstab man pages.

Old fstab LABEL=/home

/home

ext3

defaults

1 2

/home

ext3

defaults,usrquota

1 2

New fstab LABEL=/home

Remount The Filesystem Editing the /etc/fstab file isn't enough, Linux needs to reread the file to get its instructions for /home. This can be done using the mount command with the "-o remount" qualifier. [root@skynet tmp]# mount -o remount /home Get Out Of single user mode www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 51 of 167

Return to your original run state by using either the "init 3" or "init 5" commands. Continue to the next step once the system is back to its normal state. Create The Partition Quota Configuration Files The topmost directory of the filesystem needs to have an aquota.user file (Defines quotas by user) and/or a aquota.group file (Defines quotas by group). The man page for "quota" lists them at the bottom. In this case we'll just enable "per user " quotas. [root@skynet tmp]# touch /home/aquota.user [root@skynet tmp]# chmod 600 /home/aquota.user

9.3.3 Initialize The Quota Table Editing the /etc/fstab file and remounting the file system only alerted Linux to the fact that the filesystem has quota capabilities. You have to generate a quota table, separate from the aquota files, which lists all the current allocations for each user on the file system. This table will then be automatically and transparently updated each time a file is modified. Linux compares the values in this table with the quota limitations the systems administrator has placed in the aquota files and will use this to determine whether the user has rights to having increased disk usage. The table initialization is done using the quotacheck command. You'll get an error the first time you enter the command as Linux will realize that the aquota file wasn't created using one of the quota commands. [root@skynet tmp]# quotacheck -vagum quotacheck: WARNING - Quotafile /home/aquota.user was probably truncated. Can't save quota settings... quotacheck: Scanning /dev/hda3 [/home] done quotacheck: Checked 185 directories and 926 files Edit The User's Quota Information Now we need to edit the user's quota information. This is done with the edquota command which allows you to selectively edit a portion of the aquota.user file on a per user basis. [root@skynet tmp]# edquota -u mp3user The command will invoke the vi editor which will allow you to edit a number of fields. Disk quotas for user mp3user (uid 503): Filesystem blocks soft hard /dev/hda3 24 0 0

inodes 7

soft 0

hard 0

Blocks: The amount of space in 1K blocks the user is currently using. Inodes: The number of files the user is currently using. Soft Limit: The maximum blocks/inodes a quota user may have on a partition. The role of a soft limit changes if grace periods are used. When this occurs, the user is only warned that their soft limit has been exceeded. When the grace period expires, the user is barred from using additional disk space or files. When set to zero, limits are disabled. Hard Limit: The maximum blocks/inodes a quota user may have on a partition when a grace period is set. Users may exceed a soft limit, but they can never exceed their hard limit. In the example below we limit user mp3user to a maximum of 5 MB of data storage on /dev/hda3 (/home). Disk quotas for user mp3user (uid 503): Filesystem blocks soft hard /dev/hda3 24 5000 0

inodes 7

soft 0

hard 0

Testing Linux checks the total amount of disk space a user uses each time a file is accessed and compares it against the values in the quota file. If the values are exceeded, depending on the configuration, then Linux will prevent the creation of new files or the expansion of existing files to use more disk space. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 52 of 167

9.4 Other Quota Topics Creating disk quotas frequently isn't enough you also have to manage the process by reviewing the quota needs of each user and adjusting them according to the policies of your company. You'll also need to make Linux scan its hard disks periodically to check for exceeded quotas. This section describes the most common quota management activities you'll need to undertake. Editing Grace Periods The "edquota -t" command sets the grace period for each filesystem. Like the edquota command, it invokes the vi editor. The grace period is a time limit before the soft limit is enforced for a quota enabled file system. Time units of seconds, minutes, hours, days, weeks and months can be used. This is what you'll see with the command "edquota -t": Note: There should be no spaces between the number and the unit of time measure. Therefore in this example, "7days" is correct and "7 days" is wrong. [root@skynet tmp]# edquota -t Grace period before enforcing soft limits for users: Time units may be: days, hours, minutes, or seconds Filesystem /dev/hda3

Block grace period 7days

Inode grace period 7days

9.4.1 Editing Group Quotas Editing quotas on a per group basis can be done similarly with the "edquota -g" command. Getting Quota Reports. The repquota command lists quota usage limits of all users on the system. Here is an example. [root@skynet tmp]# repquota /home *** Report for user quotas on device /dev/hda3 Block grace time: 7days; Inode grace time: 7days Block limits

File limits

User used soft hard grace used soft hard grace ---------------------------------------------------------------------root -52696 0 0 1015 0 0 ... ... mp3user -24 0 0 7 0 0

9.5 Using Sudo 9.5.1 What is SUDO? SUDO feature in RedHat Linux is similer to RBAC in Solaris. The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to due to file permission restrictions. The commands can be run as user "root" or as any other user defined in the /etc/sudoers configuration file. The privileged command you want to run must first begin with the word "sudo" followed by the command's regular syntax. When running the command with the sudo prefix, you will be prompted for your regular password before it is executed. You may run other privileged commands using sudo within a five minute period without being reprompted for a password. All commands run as sudo are logged in the log file /var/log/messages.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 53 of 167

9.5.2 Example Using sudo In this example, user "bob" attempts to view the contents of the /etc/sudoers file, which is an action that normally requires privileged access. Without sudo, the command fails. [bob@skynet bob]$ more /etc/sudoers /etc/sudoers: Permission denied [bob@skynet bob]$ Bob tries again using sudo and his regular user password and is successful [bob@skynet bob]$ sudo more /etc/sudoers Password: The details of configuring and installing sudo will be covered in later sections.

The visudo command "visudo" is a text editor that mimics the "vi" editor that is used to edit the /etc/sudoers configuration file. It is not recommended that you use any other editor to modify your sudo parameters as the sudoers file isn't located in the same directory on all versions of Linux. "visudo" uses the same commands as the "vi" text editor. "visudo" must run as user "root" and should have no arguments as seen below. [root@aqua tmp]# visudo The /etc/sudoers File The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work. There are a number of guidelines that need to be followed when editing it with visudo. Format Of The /etc/sudoers File: usernames/group servername = (usernames command can be run as) command

Some guidelines when editing this file: Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group "users" would be represented by %users. You can have multiple usernames per line separated by commas Multiple commands can be separated by commas too. Spaces are considered part of the command. The keyword "ALL" can mean all usernames, groups, commands and servers. If you run out of space on a line, you can end it with a "\" and continue on the next line. Sudo assumes that the sudoers file will be used network wide, and therefore offers the option to specify the names of servers which will be using it in the "servername" position. In most cases, the file is used by only one server and the keyword "ALL" will suffice for the server name. The NOPASSWD keyword provides access without you being prompted for your password

Simple /etc/sudoers Examples Here are some simple examples of how to do many commonly required tasks using the sudo utility. Using Aliases In The sudoers File Sometimes you'll need to assign random groupings of users from various departments very similar sets of privileges. The sudoers file allows users to be grouped according to function with the group then being assigned a nickname or "alias" which is used throughout the rest of the file. Groupings of commands can also be assigned aliases too.

In the example below, users "peter", "bob" and "bunny" and all the users in the "operator" group are made part of the user alias "ADMINS". All the command shell programs are then assigned to the command alias "SHELLS". Users ADMINS are then denied the option of running any SHELLS commands and su. Cmnd_Alias

www.wilshiresoft.com [email protected]

SHELLS = /usr/bin/sh, /usr/bin/csh, \ /usr/bin/ksh, /usr/local/bin/tcsh, \ Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Account Management

Page 54 of 167

/usr/bin/rsh, /usr/local/bin/zsh User_Alias ADMINS

ADMINS = peter, bob, bunny, %operator ALL = !/usr/bin/su, !SHELLS

This attempts to ensure that users don't permanently "su" to become root, or enter command shells that bypass sudo's command logging. It doesn't prevent them from copying the files to other locations to be run. The advantage of this is that it helps to create an audit trail, but the restrictions can only be enforced as part of the company's overall security policy. Other Examples You can view a comprehensive list of /etc/sudoers file options by issuing the command "man sudoers".

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – RedHat Package Management

Page 55 of 167

10. Red Hat Package Manager (RPMs) 10.1 Introduction One of the mundane, yet necessary, duties a Systems Administrator faces is software management. Applications and patches come and go. After months or years of adding, upgrading, and removing software applications, it's hard to tell just what's on a system, what version a software package is, and what other applications it depends on. Outdated files often wind up laying around because nobody's quite sure what they belong to. Worse, you may install a new software package only to find it has overwritten a crucial file from a currently installed package. The Red Hat Package Manager (RPM) was designed to eliminate these problems. With RPM, software is managed in discrete “packages,” a collection of the files that make up the software, and instructions for adding, removing, and upgrading those files. RPM also makes sure you never lose configuration files by backing up existing ones before overwriting. RPM also tracks which version of an application is currently installed on your system. A key feature of RPM is that filenames can be specified in Uniform Resource Locator (URL) format. For example, if you know that the package foo.rpm is on the FTP server ftp.rpmdownloads.com, in the /pub directory, you can specify that filename as ftp://ftp.rpmdownloads.com/pub/fee.rpm.RPM is smart enough to log on to the FTP server anonymously and pull down the file. You can also use the format ftp://:@hostname:/path/to/remote/package/file.rpm, where and are the username and password you need to log on to this system non-anonymously, and specifies a nonstandard port used on the remote machine. You may use these formats anywhere a filename is called for in RPM.

10.2 What Is a Package? In the generic sense, a package is a container. It includes the files needed to accomplish a certain task, such as the binaries, configuration, and documentation files in a software application. It also includes instructions on how and where these files should be installed, and how the installation should be accomplished. A package also includes instructions on how to uninstall itself. RPM packages are often identified by filenames that usually consist of the package name, the version, the release, and the architecture for which they were built. For example, the package penguin-3.26.i386.rpm indicates this is the (fictional) Penguin Utilities package, version 3, release 26. i386 indicates it has been compiled for the Intel architecture. Note that although this is the conventional method of naming RPM packages, the actual package name, version, and architecture information are read from the contents of the file by RPM, not the filename. You could rename the file blag.rpm, but it would still install as penguin-3.26.i386.rpm.

10.2.1 What Is RPM? At the heart of RPM is the RPM database. This database tracks where each file in a package is located, its version, and much more. The RPM also maintains an MD5 checksum of each file. Checksums are used to determine if a file has been modified, which comes in handy if you need to verify the integrity of one or more packages. The RPM database makes adding, removing, and upgrading packages easy, because RPM knows which files to handle, and where to put them. RPM also takes care of conflicts between packages. For example, if package X, which has already been installed, has a configuration file called /etc/someconfig, and you attempt to install a new package, Y, which wants to install the same file, RPM will manage this conflict by backing up your previous configuration file before the new file is written. The workhorse of the RPM system is the program rpm. rpm is the “driver” responsible for maintaining the RPM databases. Of rpm's 10 modes of operation, we will cover the four most common: query, install, upgrade, and remove

10.3.1 Listing Installed RPMs The rpm -qa command will list all the packages installed on your system [root@skynet tmp]# rpm -qa perl-Storable-1.0.14-15 smpeg-gtv-0.4.4-9 e2fsprogs-1.27-9 libstdc++-3.2-7 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – RedHat Package Management

Page 56 of 167

audiofile-0.2.3-3 ... ... [root@skynet tmp]# You can also pipe the output of this command through the grep command if you are interested in only a specific package. In this example we are looking for all packages containing the string "ssh" in the name, regardless of case ("-i" meaning ignore case) [root@skynet tmp]# rpm -qa | grep -i ssh openssh-server-3.4p1-2 openssh-clients-3.4p1-2 openssh-askpass-gnome-3.4p1-2 openssh-3.4p1-2 openssh-askpass-3.4p1-2 Note: You could use the "rpm -q package-name" command to find an installed package as it is much faster than using grep and the "-qa" switch, but you have to have an exact package match. If you are not sure of the package name and its capitalization, then the method above is probably more suitable.

10.3.2 Listing Files Associated With RPMs Sometimes you'll find yourself installing software which terminates with an error requesting the presence of particular file. In many cases the installation program doesn't state the RPM package in which the file can be found. It is therefore important to be able to determine the origin of certain files, by listing the contents for RPMs in which you suspect the files may reside.

10.3.4 Listing Files For Already Installed RPMs This can be useful if you have to duplicate a working server that is already in a production environment. Sometimes the installation of an application fails on the new server due to the lack of a file that resides on the old one. In this case you need to know which RPM on the old server contains the file. You can use the "-ql" qualifier to list all the files associated with an installed RPM. In this example we test to make sure that the NTP package is installed using the"-q" qualifier, then we use the "-ql" qualifier to get the file listing. [root@skynet tmp]# rpm -q ntp ntp-4.1.2-0.rc1.2 [root@skynet tmp]# rpm -ql ntp /etc/ntp /etc/ntp.conf /etc/ntp/drift /etc/ntp/keys ... ... [root@skynet tmp]# /usr/share/doc/ntp-4.1.2/rdebug.htm /usr/share/doc/ntp-4.1.2/refclock.htm /usr/share/doc/ntp-4.1.2/release.htm /usr/share/doc/ntp-4.1.2/tickadj.htm [root@skynet tmp]#

10.2 Managing RPMs (install, re-install, upgrade, erase etc.) Installing RPMs The rpm -i command will install a package. The package name given must match that listed in the rpm -qa command as the version of the package is important. -v is used for verbose output and -h shows the process of installation as # (hashes) [root@skynet tmp]# rpm -ivh package-name.rpm Preparing... ########################################### [100%] Installing.. ########################################### [100%] www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – RedHat Package Management

Page 57 of 167

Installing RPM without checking for dependency [root@skynet tmp]# rpm -ivh --nodeps package-name.rpm Re-installing RPM [root@skynet tmp]# rpm –ivh -–replacepkgs pkgname.rpm Upgrading RPMs The rpm -U command will upgrade a package. [root@skynet tmp]# rpm -Uvh package-name.rpm Uninstalling RPMs The rpm -e command will erase an installed package. The package name given must match that listed in the rpm -qa command as the version of the package is important. [root@skynet tmp]# rpm -e package-name.rpm

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 58 of 167

11. Linux Networking 11.1 Configuring Your NIC's IP Address It is very important be very familiar with all the steps needed to configure IP addresses on a NIC card. Website shopping cart applications frequently need an additional IP address dedicated to them, you may need to add a secondary NIC interface to your server to handle data backups and last but not least, you may just to play around with the server to test your skills. This section will show you how to do the most common server IP activities with the least amount of headaches.

11.1.1 Determining Your IP Address Most modern PCs come with an ethernet port. When Linux is installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command. [root@skynet tmp]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:11 Base address:0x1820 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:787 errors:0 dropped:0 overruns:0 frame:0 TX packets:787 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb) wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:47379 errors:0 dropped:0 overruns:0 frame:0 TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb) Interrupt:11 Memory:c887a000-c887b000 wlan0:0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5 inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Memory:c887a000-c887b000 In this example, eth0 has no IP address as this box is using wireless interface wlan0 as its main NIC. Interface wlan0 has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0 If there are conflicts, you may need to refer to the manual for the offending device to try to determine ways to either use another interrupt or memory I/O location.

11.1.2 Changing Your IP Address If you wanted, you could give this eth0 interface an IP address using the ifconfig command. [root@skynet tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll have to add this command in your /etc/rc.d/rc.local file. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 59 of 167

RedHat Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1 ... etc. You can place your IP address information in these files which are then used to auto-configure your NICs when Linux boots.

11.1.3 network-scripts File Formats : [root@skynet tmp]# cd /etc/sysconfig/network-scripts [root@skynet network-scripts]# less ifcfg-eth0 DEVICE=eth0 IPADDR=192.168.1.100 NETMASK=255.255.255.0 BOOTPROTO=static ONBOOT=yes # # The following settings are optional # BROADCAST=192.168.1.255 NETWORK=192.168.1.0 [root@skynet tmp]# cd /etc/sysconfig/network-scripts [root@skynet network-scripts]# less ifcfg-eth0 DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes As you can see eth0 will be activated on booting as the parameter ONBOOT has the value "yes" and not "no". The default RedHat/RedHat installation will include the "broadcast" and "network" options in the network-scripts file. These are optional. Once you change the values in the configuration files for the NIC you'll have to deactivate and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this. [root@skynet network-scripts]# ifdown eth0 [root@skynet network-scripts]# ifup eth0

11.2 Multiple IP Addresses On A Single NIC In the previous "determining your IP address" section you may have noticed that there were two wireless interfaces. One's named wlan0 and the other wlan0:0. Interface wlan0:0 is actually a "child" of interface wlan0, a virtual sub-interface also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where "X" is the sub-interface number of your choice. The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous "changing your IP address" section. This can be seen below: 1. First ensure the "parent" real interface exists 2. Verify that no other IP aliases with the same name exists with the name you plan to use. In this we want to create interface wlan0:0 3. Create the virtual interface with the ifconfig command [root@skynet tmp]# ifconfig wlan0:0 192.168.1.99 \ netmask 255.255.255.0 up 4.You should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the aliases will all be managed automatically with the ifup and ifdown commands. Here is a sample configuration: DEVICE=wlan0:0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.99 NETMASK=255.255.255.0 The commands to activate and deactivate the alias interface would therefore be: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 60 of 167

[root@skynet tmp]# ifup wlan0:0 [root@skynet tmp]#ifdown wlan0:0 Note: Shutting down the main interface also shuts down all its aliases too. Aliases can be shutdown independently of other interfaces. How To Activate / Shutdown Your NIC The ifup and ifdown commands can be used respectively to activate and deactivate a NIC interface. You must have an ifcfg file in the /etc/sysconfig/network-scripts directory these commands to work. Here is an example for interface eth0: [root@skynet tmp]# ifdown eth0 [root@skynet tmp]# ifup eth0

11.2.1 Viewing Your Current Routing Table The netstat -nr command will provide the contents of the touting table. Networks with a gateway of 0.0.0.0 are usually directly connected to the interface. As no gateway is needed to reach your own directly connected interface then an address of 0.0.0.0 seems appropriate. In this example there are two gateways, the default and one to 255.255.255.255 which is usually added on DHCP servers. Server skynet is a DHCP server in this case. [root@skynet tmp]# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 255.255.255.255 0.0.0.0 255.255.255.255 UH 40 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 wlan0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG 40 0 0 wlan0 In this example, there are multiple gateways handling traffic destined for different networks on different interfaces.

11.3 Convert Your Linux Server Into A Router Router / firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day, but when budgets are tight you may seriously want to consider modifying an existing Linux server to do the job.

11.3.1 Configuring IP Forwarding For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding lets packets flow through the Linux box from one network to another. The Linux kernel configuration parameter to activate this named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding. Before # Disables packet forwarding net.ipv4.ip_forward=0 After # Enables packet forwarding net.ipv4.ip_forward=1 This will only enable it when you reboot at which time Linux will create a file in one of the subdirectories of the special RAM memory based /proc filesystem. To activate the feature immediately you have to force Linux to read the /etc/sysctl.conf file with the sysctl command using the "-p" switch. Here is how it's done: [root@skynet tmp] sysctl -p sysctl -p net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 kernel.sysrq = 0 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 61 of 167

kernel.core_uses_pid = 1 Configuring Your /etc/hosts File The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS, if the name is found with a corresponding IP address then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you'll have to also update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done companywide. For ease of management, it is often easiest to limit entries in this file to just the loopback interface, and also the server's own host name, and use a centralized DNS server handle most of the rest. Sometimes you may not be the one managing the DNS server and in such cases it may be easier to add a quick /etc/hosts file entry till the centralized change can be made. 192.168.1.101

sys1

In the example above server "sys1" has an IP address of 192.168.1.101. You can access 192.168.1.101 using the "ping", "telnet" or any other network aware program by referring to it as "sys1" Here is an example using the "ping" to see if "sys1" is alive and well on the network. [root@skynet tmp]# ping sys1 PING zero (192.168.1.101) 56(84) bytes of data. 64 bytes from sys1 (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms 64 bytes from sys1 (192.168.1.101): icmp_seq=1 ttl=64 time=0.047 ms --- sys1 ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 2017ms rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2 You can also add "aliases" to the end of the line which will allow you to refer to the server using other names. Here we have set it up so that "sys1" can also be accessed using the names "tiny" and "sun20". 192.168.1.101

sys1

tiny

sun20

You should never have an IP address more than once in this file as Linux will only use the values in the first entry it finds. 192.168.1.101 192.168.1.101 192.168.1.101

sys1 tiny sun20

# (Wrong) # (Wrong) # (Wrong)

11.4 Setting Up A Telnet Server Telnet server RPM's filename usually starts with the word "telnet-server" followed by a version number like this: telnet-server-0.17-28.i386.rpm. this packages located in 3rd cd. o Telnet is installed disabled RedHat Linux. If you want to enable Telnet then edit the file /etc/xinetd.d/telnet and set the disable parameter to "no". # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = no } o You’ll then have to restart xinetd for the new settings to take effect. [root@skynet tmp]# /etc/init.d/xinetd restart Stopping xinetd: [ OK ]

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 62 of 167

Starting xinetd: [ OK ] [root@skynet tmp]# Now you are ready to use telnet.

11.5 Setting up rsh and rlogin rsh server RPM's filename usually starts with the word "rsh-server" followed by a version number like this: rshserver-0.17-28.i386.rpm. this packages located in 3rd cd. rsh and rlogin are disabled in RedHat Linux by deafult. If you want to enable rsh and rlogin then edit the file /etc/xinetd.d/rsh and /etc/xinetd.d/rlogin, set the disable parameter to "no". just like we’ve done for Telnet server (see above) disable = no You'll then have to restart xinetd for the new settings to take effect. [root@skynet tmp]# /etc/init.d/xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ] Now rsh and rlogin are ready to use. Just create .rhosts under user’s home directory which contains trusted Host name and IP address (or name of trusted Host) Eg:[root@skynet tmp]# vi /root/.rhosts 200.200.0.2 root wq! Here in this example we trust the host 200.200.0.2 and the user root on 200.200.0.2.

11.6 Configuring an FTP server Introduction The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers over the Internet or LAN. FTP relies on a pair of TCP ports to get the job done. It operates in two connection channels: 



FTP Control Channel, TCP Port 21: All commands you send and the ftp server's responses to those commands will go over the control connection, but any data sent back (such as "ls" directory lists or actual file data in either direction) will go over the data connection. FTP Data Channel, TCP Port 20: This port is used for all subsequent data transfers between the client and server.

Anonymous FTP: Anonymous FTP is the choice of Web sites that need to exchange files with numerous unknown remote users. 

Common uses include downloading software or software updates and uploading diagnostic information or files etc.

Unlike regular FTP where you login with a preconfigured Linux username and password, anonymous FTP requires only a username of anonymous and your email address for the password. Once logged in to a VSFTPD (very Secure File transfer protocol) server, you automatically have access to only the default anonymous FTP directory (/var/ftp in the case of VSFTPD) and all its subdirectories.

Install and Configure Install VSFTPD Most RedHat and Fedora Linux software products are available in the RPM format. When searching for the file, remember that the VSFTPD RPM's filename usually starts with the word vsftpd followed by a version number, as in: vsftpd-1.2.1-5.i386.rpm. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 63 of 167

Start VSFTPD service You can start, stop, or restart VSFTPD after booting by using these commands: [root@skynet tmp]# service vsftpd start [root@skynet tmp]# service vsftpd stop [root@skynet tmp]# service vsftpd restart To configure VSFTPD to start at boot you can use the chkconfig command. [root@skynet tmp]# chkconfig vsftpd on

You have to restrict FTP access to certain users by adding them to the list of users in the /etc/vsftpd.ftpusers and /etc/vsftpd.userlist file. The VSFTPD package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. As FTP doesn't encrypt passwords, thereby increasing the risk of data or passwords being compromised, it is a good idea to let these entries remain and add new entries for additional security Edit the /etc/vsftpd.userlist and /etc/vsftpd.ftpusers and mention the DENY users list. If you want to allow any user including root just comment out or remove that particular user’s entry from both of the files. Now you can try doing ftp from the remote machine. [root@skynet_1 tmp]# ftp 192.168.1.100 Connected to 192.168.1.100 (192.168.1.100) 220 ready, dude (vsFTPd 1.1.0: beat me, break me) Name (192.168.1.100:root): user1 331 Please specify the password. Password: 230 Login successful. Have fun. Remote system type is UNIX. Using binary mode to transfer files. ftp> To view and download a copy of the VSFTPD RPM located on the FTP server skynet. ftp> ls 227 Entering Passive Mode (192,168,1,100,35,173) 150 Here comes the directory listing. -rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm 226 Directory send OK. ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp local: vsftpd-1.1.0-1.i386.rpm.tmp remote: vsftpd-1.1.0-1.i386.rpm 227 Entering Passive Mode (192,168,1,100,44,156) 150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes). 226 File send OK. 76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec) ftp> exit 221 Goodbye. Note: You can ? (question mark) to list all the available commands at ftp prompt. We can alos perform FTP downloads and uploads by using a GUI tool “gftp”. Type the command “gftp” at a graphical console and you can simply drag and drop the files from remote machine’s window to the local one. See the figure below:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Networking

Page 64 of 167

Figure:gftp In the above figure left window has the Local files and right window shows the Remote ftp server skynet.wilshiresoft.com's files. You can drag and drop the files between windows or you can select individual files and then use the Arrow buttons to upload or download.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network File System (NFS)

Page 65 of 167

12. NFS 12.1 NFS Operational Overview Linux data storage disks contain files stored in filesystems with a standardized directory structure. New disks are added by attaching, or "mounting", the directories of their filesystems to a directory of an already existing filesystem. This in effect makes the new hard disk transparently appear to be a sub directory of the file system to which it is attached. NFS was developed to allow a computer system to access directories on remote computers by mounting them on a local filesystem as if they were just like a local disk. The systems administrator on the NFS server has to define the directories that need to be activated or "exported" for access by the NFS clients, and administrators on the clients need to define both the NFS server and the subset of its exported directories to use. General NFS Rules There are some general rules that need to be followed when configuring NFS. 1. You can only export directories beneath the "/" directory. 2. You cannot export a subdirectory of a directory that has already been exported. The exception being when the subdirectory is on a different physical device. Likewise you cannot export the parent of a subdirectory unless it is on a separate device too. 3. You can only export local file systems.

12.2 Important NFS Daemons NFS isn't a single program, but a suite of interrelated programs that work together to get the job done. Portmap This is the primary daemon upon which all the others rely. Portmap is manages connections for applications that use the RPC specification. By default portmap listens to TCP port 111 on which an initial connection is made. This is then used to negotiate a range of TCP ports, usually above port 1024, to be used for subsequent data transfers. Portmap needs to be run on both the NFS server and client. NFS Starts the RPC processes needed to serve shared NFS file systems. The NFS daemon only needs to be run on the NFS server. NFSlock Used to allow NFS clients to lock files on the server via RPC processes. The NFSlock daemon needs to be run on both the NFS server and client. NetFS Allows RPC processes run on NFS clients to mount NFS filesystems on the server. The NFSlock daemon only needs to be run on the NFS client.

12.3 Configuring NFS on The Server Both the NFS server and NFS client will have to have parts of the NFS package installed and running. The server will need portmap, nfs and nfslock operational and have a correctly configured /etc/exports file. Here's how to do it.

12.3.1 The /etc/exports File This is the main NFS configuration file and consists of two columns. The first column lists the directories you want to make available to the network. The second column has two parts. The first part lists the networks or DNS

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network File System (NFS)

Page 66 of 167

domains that can get access to the directory, the second part lists NFS options in brackets. In the case below we have provided: Read only access to the /data/files directory to all networks Read/write access to the /home directory from all servers on the 192.168.1.0 /24 network, that is all addresses from 192.168.1.0 to 192.168.1.255 Read/write access to the /data/test directory from servers in the my-site.com DNS domain Read/write access to the /data/database directory from a single server 192.168.1.203. In all cases we have used the "sync" option to ensure that file data cached in memory is automatically written to the disk after the completion of any disk data copying operation. #/etc/exports /data/files /home /data/test /data/database

*(ro,sync) 192.168.1.0/24(rw,sync) *.my-site.com(rw,sync) 192.168.1.203/32(rw,sync)

Once you have configured your /etc/exports file, you'll need to activate the settings, but first you'll have to make sure NFS is running correctly. Starting NFS on the Server Configuring an NFS server is straightforward with the easy to follow steps outlined below. 1. Use the chkconfig command to configure the required NFS and RPC portmap daemons to start at boot. You will also have to activate NFS file locking to reduce the risk of corrupted data. [root@skynet tmp]# chkconfig --level 35 nfs on [root@skynet tmp]# chkconfig --level 35 nfslock on [root@skynet tmp]# chkconfig --level 35 portmap on

2. Use the init scripts in the /etc/init.d directory to start the NFS and RPC portmap daemons. In the examples below we're using the "start" option, but when needed, you can also stop and restart the processes with the "stop" and "restart" options. [root@skynet tmp]# service portmap start [root@skynet tmp]# service nfs start [root@skynet tmp]# service nfslock start

12.4 Configuring NFS on The Client NFS configuration on the client requires you to start the NFS application; create a directory on which to mount the NFS server's directories that we exported via the /etc/exports file; and finally to mount the NFS server's directory on your local directory or "mount point". Here's how to do it all.

12.4.1 Starting NFS on the Client 1. Use the chkconfig command to configure the required NFS and RPC portmap daemons to start at boot. You will also have to activate NFS file locking to reduce the risk of corrupted data. [root@skynet tmp]# chkconfig --level 35 netfs on [root@skynet tmp]# chkconfig --level 35 nfslock on [root@skynet tmp]# chkconfig --level 35 portmap on

2. Use the init scripts in the /etc/init.d directory to start the NFS and RPC portmap daemons. In the examples below we're using the "start" option, but when needed, you can also stop and restart the processes with the "stop" and "restart" options.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network File System (NFS)

Page 67 of 167

[root@skynet tmp]# service portmap start [root@skynet tmp]# service netfs start [root@skynet tmp]# service nfslock start

12.4.2 Making NFS Mounting Permanent In most cases, users want their NFS directories to be permanently mounted. This requires an entry in the /etc/fstab file in addition to the creation of the "mount point directory" as seen below. The /etc/fstab File The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. Therefore you need to edit the /etc/fstab file if you need the NFS directory to be made permanently available to users on the NFS. In this case we're mounting the /data/files directory on server "skynet" (IP address 192.16801.100) as an NFS type filesystem using the local /mnt/nfs mount point directory. #/etc/fstab #Directory Mount Point 192.168.1.100:/data/files

Type Options /mnt/nfs nfs

Dump FSCK soft,nfsvers=2

0

0

In this example we used the "soft" and "nfsvers" options, Table 30-1 outlines these and other useful NFS mounting options you may want to use. Use the NFS man pages for more details. Manually Mounting NFS File Systems If you don't want a permanent NFS mount, then you can use the "mount" command without the /etc/fstab entry to gain access only when necessary. This is a manual process, but an automated process can be seen in the automounter section. In this case we're mounting the /data/files directory as an NFS type filesystem on the /mnt/nfs mount point. The NFS server is "skynet" whose IP address is 192.168.1.100. Notice how before mounting there were no files visible in the /mnt/nfs directory, this changes after the mounting is completed, [root@skynet tmp]# mkdir /mnt/nfs [root@skynet tmp]# ls /mnt/nfs [root@skynet tmp]# mount -t nfs 192.168.1.100:/data/files /mnt/nfs [root@skynet tmp]# ls /mnt/nfs ISO ISO-RedHat kickstart RedHat

12.4.3 Activating Modifications To The /etc/exports File You can force your system to re-read the /etc/exports file by restarting NFS. In a non production environment this may cause disruptions when an exported directory suddenly disappears without prior notification to users. Here are some methods you can use to update and activate the file with the least amount of inconvenience to others. New Exports File When no directories have yet been exported to NFS, then the "exportfs -a" command is used as seen below. [root@skynet tmp]# exportfs -a Adding A Shared Directory To An Existing Exports File When adding a shared directory you can use the "exportfs -r" command to export only the new entries. [root@skynet tmp]# exportfs -r

12.4.4 Deleting, Moving Or Modifying A Share Removing an exported directory from the /etc/exports file requires work on both the NFS client and server. The steps are as follows. 1. Unexport the mount point directoty on the NFS client using the "umount" command. In this case we're unmounting the /mnt/nfs mount point. [root@skynet tmp]# umount /mnt/nfs www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network File System (NFS)

Page 68 of 167

Note: You may also need to edit the /etc/fstab file of any entries related to the mount point if you want to make the change permanent even after rebooting. 2. Comment out the corresponding entry in the NFS server's /etc/exports file and reload the modified file as seen below. [root@skynet tmp]# exportfs -ua [root@skynet tmp]# exportfs -a The showmount Command When run on the server, the "showmount -a" command will list all the currently exported directories. It will also show a list of NFS clients accessing the server, in this case one client is with an IP address of 192.168.1.102. [root@skynet tmp]# showmount -a All mount points on skynet: *:/home 192.168.1.102:*

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 69 of 167

13. Centralized Logins Using NIS 13.1 Introduction to NIS Network Information Services (NIS) allows you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login. An advantage of NIS is that users only need to change their passwords on the NIS server, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers. The disadvantage is that NIS doesn't encrypt the username/password information sent to the clients with each login and all users have access to the encrypted passwords stored on the NIS server. A detailed analysis of NIS security is beyond the scope of this book, but I would suggest that you restrict its use to highly secure networks or networks where access to non NIS networks is highly restricted.

13.2 Configuring The NFS Server for NIS Here are the steps to configure the NFS server in this scenario: Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access. /home

*(rw,sync)

Let NFS read the /etc/exports file for the new entry and make /home available to the network with the exportfs command. [root@skynet tmp]# exportfs -a Make sure the required NFS, NFS lock and port mapper daemons are both running and configured to start after the next reboot. [root@skynet tmp]# chkconfig nfslock on [root@skynet tmp]# chkconfig nfs on [root@skynet tmp]# chkconfig portmap on [root@skynet tmp]# service portmap start Starting portmapper: [ OK ] [root@skynet tmp]# service nfslock start Starting NFS statd: [ OK ] [root@skynet tmp]# service nfs start Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] [root@skynet tmp]#

13.2.1 Configuring The NFS Client for NIS You'll also need to configure the NFS clients to mount their /home directories on the NFS server. The procedure below will archive the /home directory. In a production environment in which the /home directory would be actively used, you'd have to force the users to log off, backup the data, restore it to the NFS server and then follow the steps below. As this is a lab environment, these prerequisites won't be necessary. 1. Make sure the required netfs, NFS lock and port mapper daemons are both running and configured to start after the next reboot. [root@skynet tmp]# chkconfig nfslock on [root@skynet tmp]# chkconfig netfs on [root@skynet tmp]# chkconfig portmap on [root@skynet tmp]# service portmap start Starting portmapper: [ OK ] [root@skynet tmp]# service netfs start www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 70 of 167

Mounting other filesystems: [ OK ] [root@skynet tmp]# service nfslock start Starting NFS statd: [ OK ] 2. Keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS server's directory. [root@skynet tmp]# mv /home /home.save [root@skynet tmp]# mkdir /home [root@skynet tmp]# ll / ... ... drwxr-xr-x 1 root root 11 Nov 16 20:22 home drwxr-xr-x 2 root root 4096 Jan 24 2003 home.save ... 3. Make sure you can mount skynet's /home directory on the new /home directory we just created. Unmount it once everything looks correct. [root@skynet tmp]# mount 192.168.1.100:/home /home/ [root@skynet tmp]# ls /home ftpinstall nisuser quotauser skynet www [root@skynet tmp]# umount /home

4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs will unmount the directory. #/etc/auto.master /home /etc/auto.home --timeout 600 5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a "\" at the end to continue on the next line. *

#/etc/auto.home -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \ 192.168.1.100:/home:&

6. Start autofs and make sure it will start after the next reboot with the chkconfig command. [root@skynet tmp]# chkconfig autofs on [root@skynet tmp]# service autofs restart Stopping automount:[ OK ] Starting automount:[ OK ] Note: After doing this, you won't be able to see the contents of the /home directory on skynet as user "root". This is because by default NFS activates the root squash feature which disables this user from having privileged access to directories on remote NFS servers. We'll be able to test this later once NIS is configured. All newly added Linux users will now be assigned a home directory under the new remote /home directory. This scheme will make the users feel their home directories are local, when in reality they are automatically mounted and accessed over your network.

13.3 Configuring The NIS Server In the early days, NIS was called "Yellow Pages". The developers had to change the name after a copyright infringement lawsuit, yet many of the key programs associated with NIS have kept their original names beginning with "yp".

Edit Your /etc/sysconfig/network File You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. In the case below, we've called the domain "NIS-HOME_NETWORK". #/etc/sysconfig/network www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 71 of 167

NISDOMAIN="DESTINY.COM"

Edit Your /etc/yp.conf File NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or "localhost". # /etc/yp.conf - ypbind configuration file ypserver 127.0.0.1 Start The Key NIS Server Related Daemons Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot.

13.3.1 Required NIS Server Daemons portmap

The foundation RPC daemon upon which NIS runs.

yppasswdd

Lets users change their passwords on the NIS server from NIS clients

ypserv

Main NIS server daemon

ypbind

Main NIS client daemon

ypxfrd

Used to speed up the transfer of very large NIS maps [root@skynet tmp]# service portmap start Starting portmapper: [ OK ] [root@skynet tmp]# service yppasswdd start Starting YP passwd service: [ OK ] [root@skynet tmp]# service ypserv start Setting NIS domain name DESTINY.COM: [ OK Starting YP server services: [ OK ] [root@skynet tmp]# chkconfig portmap on [root@skynet tmp]# chkconfig yppasswdd on [root@skynet tmp]# chkconfig ypserv on

]

13.3.2 Initialize Your NIS Domain Now that you have decided on the name of the NIS domain, you'll have to use the ypinit command to create the associated authentication files for the domain. You will be prompted for the name of the NIS server, which in this case is "skynet". With this procedure, all non privileged accounts will automatically be accessible via NIS. [root@skynet tmp]# /usr/lib/yp/ypinit -m At this point, we have to construct a list of the hosts which will run NIS servers. skynet is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a . next host to add: skynet next host to add: The current list of NIS servers looks like this: skynet Is this correct? [y/n: y] y We need a few minutes to build the databases... Building /var/yp/DESTINY.COM/ypservers... Running /var/yp/Makefile... gmake[1]: Entering directory `/var/yp/DESTINY.COM' Updating passwd.byname... Updating passwd.byuid... Updating group.byname... Updating group.bygid... www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 72 of 167

Updating hosts.byname... Updating hosts.byaddr... Updating rpc.byname... Updating rpc.bynumber... Updating services.byname... Updating services.byservicename... Updating netid.byname... Updating protocols.bynumber... Updating protocols.byname... Updating mail.aliases... gmake[1]: Leaving directory `/var/yp/DESTINY.COM' skynet has been set up as a NIS master server. Now you can run ypinit -s skynet on all slave server. Note: Make sure portmapper is running before doing this or you'll get errors like the one below. You will have to delete the /var/yp/DESTINY.COM directory and restart portmapper, yppasswd and ypserv before you'll be able to do this again successfully. failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating group.bygid... Start The ypbind and ypxfrd Daemons You can now start the ypbind and the ypxfrd daemons now that the NIS domain files have been created. [root@skynet tmp]# service ypbind start Binding to the NIS domain: [ OK ] Listening for an NIS domain server. [root@skynet tmp]# service ypxfrd start Starting YP map server: [ OK ] [root@skynet tmp]# chkconfig ypbind on [root@skynet tmp]# chkconfig ypxfrd on

13.4 Managing NIS server Adding New NIS Users New NIS users can be created by logging into the NIS server and creating the new user account. In this case we'll create a user account called "nisuser" and give it a new password. Once this is complete, you will then have to update the NIS domain's authentication files by executing the make command in the /var/yp directory. This procedure will make all NIS enabled, non privileged accounts become automatically accessible via NIS, not just newly created ones. It will also export all the user's characteristics stored in the /etc/passwd and /etc/group files such as the login shell, the user's group and home directory. [root@skynet tmp]# useradd -g users nisuser [root@skynet tmp]# passwd nisuser Changing password for user nisuser. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@skynet tmp]# cd /var/yp [root@skynet yp]# make gmake[1]: Entering directory `/var/yp/DESTINY.COM' Updating passwd.byname... Updating passwd.byuid... Updating netid.byname... gmake[1]: Leaving directory `/var/yp/DESTINY.COM' You can check to see if the user's authentication information has been updated by using the ypmatch command which should return the user's encrypted password string. [root@skynet tmp]# ypmatch nisuser passwd nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 73 of 167

13.5 Configuring The NIS Client Now that the NIS server has been configured, it's time to configure the NIS clients. There are a number of related configuration files that you'll need to edit to get it to work. The procedure can be seen below: Run authconfig The authconfig program will automatically configure your NIS files after prompting you for the IP address and domain of the NIS server. [root@skynet tmp]# authconfig Once finished, it should create a /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It will also edit the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs. # /etc/yp.conf - ypbind configuration file domain DESTINY.COM server 192.168.1.100 #/etc/sysconfig/network NISDOMAIN=DESTINY.COM

The authconfig program also updates the /etc/nisswitch.conf file which lists the order in which certain data sources should be searched for name lookups like those in DNS, LDAP and NIS. Here we can see where NIS entries have been added for the important login files. #/etc/nisswitch.conf passwd: files nis shadow: files nis group: files nis Note: A sample NIS nsswitch.conf file can also be located in the /usr/share/doc/yp-tools* directory Start The NIS Client Related Daemons Start the ypbind NIS client, yppasswd and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the "rpcinfo" command to ensure they are running correctly. [root@skynet tmp]# service portmap start Starting portmapper: [ OK ] [root@skynet tmp]# service ypbind start Binding to the NIS domain: Listening for an NIS domain server. [root@skynet tmp]# service yppasswdd start Starting YP passwd service: [ OK ] [root@skynet tmp]# chkconfig ypbind on [root@skynet tmp]# chkconfig portmap on [root@skynet tmp]# chkconfig yppasswdd on Test NIS Access To The NIS Server You can run the ypcat, ypmatch and getent commands to make sure communication to the server is correct. [root@skynet tmp]# ypcat passwd nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash quotauser:!!:503:100::/home/quotauser:/bin/bash ftpinstall:$1$8WjAVtes$SnRh9S1w07sYkFNJwpRKa.:502:100::/:/bin/bash www:$1$DDCi/OPI$hwiTQ.L0XqYJUk09Bw.pJ/:504:100::/home/www:/bin/bash skynet:$1$qHni9dnR$iKDs7gfyt..BS9Lry3DAq.:501:100::/:/bin/bash [root@skynet tmp]# ypmatch nisuser passwd nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash [root@skynet tmp]# getent passwd nisuser nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Network Information System (NIS)

Page 74 of 167

Possible sources of error would include: Incorrect authconfig setup resulting in errors in the /etc/yp.conf, /etc/sysconfig/network and /etc/nsswitch.conf files Failure to run the ypinit command on the NIS server NIS not being started on the NIS server or client. Poor routing between the server and client, or the existence of a firewall that's blocking traffic Try to eliminate these areas as sources of error and refer to the syslog /var/log/messages file on the client and server for entries that may provide additional clues. Test Logins Via The NIS Server You should next try to test a remote login once your basic NIS functionality testing is complete. Failures in this area could be due to firewalls blocking telnet or SSH access and the telnet and SSH server process not being started on the clients. Logging In Via Telnet Try logging into the NIS client via telnet if it is enabled [root@skynet tmp]# telnet 192.168.1.201 Trying 192.168.1.201... Connected to 192.168.1.201. Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6 on an i686 login: nisuser Password: Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com Changing Your NIS Passwords You should also test to make sure your users can change their NIS passwords from the NIS clients with the yppasswd command.

Users Changing Their Own Passwords Users can change their passwords by logging into the NIS server and issuing the yppasswd command. [nisuser@skynet nisuser]$ yppasswd Changing NIS account information for nisuser on skynet.my-site.com. Please enter old password: Changing NIS password for nisuser on skynet.my-site.com. Please enter new password: Please retype new password: The NIS password has been changed on skynet.my-site.com.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 75 of 167

14. DNS 14.1 Introduction to DNS Before we begin, it is best to understand a few foundation concepts in DNS on which the rest of the document is built. DNS Domains Everyone in the world has a first name and a last or "family" name. DNS is similar in that a family of websites can be closely described as being a "domain". For example the domain wilshiresoft.com has a number of production such as www.wilshiresoft.com and mail.wilshiresoft.com for the web and mail servers respectively. BIND BIND is an acronym for the "Berkeley Internet Name Domain" project which maintains the DNS related software suite that runs under Linux. The most well known program in BIND is "named", the daemon that responds to DNS queries from remote machines. DNS Clients A DNS client doesn't store DNS information; it always has to refer to a DNS server to get it. The only DNS configuration file for a DNS client is the /etc/resolv.conf file which defines the IP address of the DNS server it should use. You shouldn't need to configure any other files. You can learn more about the /etc/resolv.conf file in the sections that follow. Authoritative DNS Servers Authoritative servers provide the definitive information for your DNS domain such as the names of servers and websites in it. They are the "last word" in information related to your domain.

14.2 Basic DNS Testing of DNS Resolution DNS resolution maps a fully qualified domain name (FQDN), such as www.wilshiresoft.com, to an IP address. This is also known as a "forward lookup". The reverse is also true. DNS is also capable of determining the fully qualified domain name associated with an IP address in what is unsurprisingly called a "reverse lookup". It is possible to have many different websites mapping to a single IP address but the reverse isn't true, an IP address can map to only one FQDN. This means that forward and reverse entries frequently won't match. The reverse DNS entries are usually the responsibility of the ISP hosting your site, so it is quite common for the reverse lookup to resolve to the ISP's domain. This isn't an important factor for most small sites, but some eCommerce applications require matching entries to operate correctly. You may have to ask your ISP to make a custom DNS change to correct this. There are a number of commands you can use do these lookups. The first one is "host" which is set to replace the older "nslookup" command. The Host Command The host command will accept arguments that are either the fully qualified domain name or the IP address of the server when providing results as we see below. Forward Lookup Example [root@skynet tmp]# host www.wilshiresoft.com www.wilshiresoft.com has address 200.200.0.1 [root@skynet tmp]# Reverse Lookup Example [root@skynet tmp]# host 200.200.0.1 0.200.200.in-addr.arpa domain name pointer 200.200.0.1.wilshiresoft.com As you can see, the forward and reverse entries don't match. The reverse entry matches the entry of the ISP. The nslookup Command www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 76 of 167

The nslookup command tends to be more verbose than the host command providing the IP addresses of the DNS servers that provided it with its information. Unlike the host command, the nslookup command is available to Windows PCs. Forward Lookup Example [root@skynet tmp]# nslookup www.wilshiresoft.com Server: 200.200.0.1 Address: 200.200.0.1#53 Non-authoritative answer: Name: www.wilshiresoft.com Address: 200.200.0.1 Reverse Lookup Example [root@skynet tmp]# nslookup 65.115.71.34 Server: 200.200.0.1 Address: 200.200.0.1#53

14.4 Configuring DNS Install The BIND Packages When searching for the file, remember that the BIND RPM's filename usually starts with the word "bind" followed by a version number like this: bind-9.2.2.P3-9.i386.rpm. Start the BIND service You can use the chkconfig command to get BIND configured to start at boot: [root@skynet tmp]# chkconfig named on To start/stop/restart BIND after booting [root@skynet tmp]# service named start [root@skynet tmp]# service named stop [root@skynet tmp]# service named restart Note: Remember to restart the BIND process every time you make a change to the configuration file for the changes to take effect on the running process.

14.3 The /etc/resolv.conf File This file is used by DNS clients (servers not running BIND) to determine both the location of their DNS server and the domains to which they belong. It generally has two columns, the first contains a keyword and the second contains the desired value(s) separated by commas. A list of keywords can be found in the following Table Keywords In /etc/resolv.conf Keyword

Value

nameserver

IP address of your DNS nameserver. There should be only one entry per "nameserver" keyword. If there is more than one nameserver, you'll need to have multiple "nameserver" lines.

Domain

The local domain name to be used by default. If the server is wstsun1.wilshiresoft.com, then the entry would just be wilshiresoft.com

Search

If you refer to another server just by its name without the domain added on, DNS on your client will append the server name to each domain in this list and do an nslookup on each to get the remote servers' IP address. This is a handy time saving feature to have so that you can refer to servers in the same domain by only their servername without having to specify the domain. The domains in this list must separated by spaces.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 77 of 167

Here is a sample configuration in which: Nameserver, 200.200.0.1 provide DNS name resolution. search wilshiresoft.com nameserver 200.200.0.1

Configuring Nameserver The named.conf file The main DNS configuration is kept in the /etc/named.conf file which is used to tell BIND where to find the configuration files for each domain you own. There are usually two zone areas in this file: Forward zone file definitions which list files to map domains to IP addresses Reverse zone file definitions which list files to map IP addresses to domains In this example the forward zone for www.wilshiresoft.com is being set up by placing the following entries at the bottom of the named.conf file. The zone file is named wilshiresoft.zone and, though not explicitly stated, the file wilshiresoft.zone should be located in the default directory of /var/named/chroot/var/named in Fedora Core and in /var/named in RedHat 9 and older. zone "wilshiresoft.com" { type master; notify no; allow-query { any; }; file "wilshiresoft.zone"; }; Note: The "allow-query" directive defines the networks that are allowed to query your DNS server for information on any zone. For example, to limit queries to only our 200.200.0.0 network, you could modify the directive to state allow-query { 200.200.0.0/24; }; The reverse zone definition below is an example of a named.conf for a reverse zone file named 200-200-0.zone for the 200.200.0.0/24 network. zone "0.200.200.in-addr.arpa" { type master; notify no; file "200-200-0.zone"; }; Note: the reverse order of the IP address in the zone section is important as is the fact that only the first three octets of the IP address are represented. Configuring The Zone Files There are a number of things to keep in mind when configuring DNS zone files. In all zone files, you can place a comment at the end of any line by inserting a semi-colon ";" character then typing in the text of your comment. By default, your zone files are located in the directory /var/named or /var/named/chroot/var/named. Each zone file contains a variety of records (e.g. SOA, NS, MX, A and CNAME) which govern different areas of BIND. Each will be explained later with examples.

Time to Live Value Caching DNS servers cache the responses to their queries from authoritative DNS servers. The authoritative servers not only provide the DNS answer but the valid lifetime or time to live (TTL) of the information. The purpose of a TTL is to reduce the number of DNS queries the authoritative DNS server has to answer. If the TTL is set to three days, then caching servers will use the original stored response for this length of time before making the query again. The TTL value for the zone is usually the very first entry in the zone file. In the example below, it is set to three days. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 78 of 167

$TTL 3D Note: BIND recognizes a number of suffixes for time related values. A "D" signifies days, a "W" signifies weeks and an "H" signifies hours. In the absence of a suffix, BIND assumes the value is in seconds. DNS Resource Records The rest of the records in a zone file are usually BIND resource records. They define the nature of the DNS information in your zone files that's presented to querying DNS clients. They all have the general format: Name Class Type Data There are different types of record for mail (MX), forward lookups (A), reverse lookups (PTR), aliases (CNAME) and overall zone definitions (SOA). The data portion is formatted according to the record "type" and may consist of several values separated by spaces. Similarly, the "name" is also subject to interpretation based on this factor. The formatting and use of each type of record will be discussed in sections to follow. The SOA Record The very first resource record is the Start of Authority (SOA) record which contains general administrative and control information about the domain. It has the following format: Name Class Type Name-Server Email-Address Serial-No Refresh Retry Expiry Minimum-TTL The record can be long, and will sometimes wrap around on your screen. For the sake of formatting, you insert "new line" characters between the fields as long as you insert at the beginning and end of the insertion to alert BIND that part of the record will straddle multiple lines. You can also add comments to the end of each new line separated by a semicolon when you do this. Here is an example: @ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. ( 2004100801 ; serial # 4H ; refresh 1H ; retry 1W ; expiry 1D ) ; minimum So in this example, the primary name server has been defined as "wstsun1.wilshiresoft.com" with a contact email address of "[email protected]". The serial number is "2004100801" with refresh, retry, expiry and minimum values of 4 hours, 1 hour, 1 week and 1 day respectively. Like the SOA record, the NS, MX, A, PTR and CNAME records each occupy a single line with a very similar general format. Sample Forward Zone File Now that the key elements of a zone file have been described, it's time to examine a working example for the domain wilshiresoft.com. ; @ IN SOA wstsun1.wilshiresoft.com. 200211152 ; serial# 3600 ; refresh, seconds 3600 ; retry, seconds 3600 ; expire, seconds 3600 ) ; minimum, seconds ; NS www wstsun1 wstsun2 wstsun3 server

A A A CNAME

hostmaster.wilshiresoft.com.

(

; Inet Address of nameserver 200.200.0.1 200.200.0.2 200.200.0.3 wstsun1

Notice that in this example: Server wstsun1.wilshiresoft.com is the name server for wilshiresoft.com. In corporate environments there may be a separate name server for this purpose. Primary name servers are more commonly called "wstsun1" and secondary name servers "wstsun2".

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 79 of 167

The minimum TTL value ($TTL) is 3 days therefore remote DNS caching servers will store learned DNS information from your zone for 3 days before flushing it out of their caches. The MX record for wilshiresoft.com points to the server named mail.wilshiresoft.com Sample Reverse Zone File Now we need to make sure that we can do an nslookup query on all our home network's PCs and get their correct IP addresses. This is very important if you are running a mail server on your network as sendmail typically will only relay mail from hosts whose IP addresses resolve correctly in DNS. NFS, which is used in network based file access, also requires valid reverse lookup capabilities. This is an example of a zone file for the 200.200.0.x network. All the entries in the first column refer to the last octet of the IP address for the network, so the IP address 200.200.0.1 points to the name wstsun1.wilshiresoft.com. Notice how the main difference between forward and reverse zone files is that the reverse zone file only has PTR and NS records. Also the PTR records cannot have CNAME aliases. ; ; Zone file for 200.200.0.x ; $TTL 3D @ IN SOA www.wilshiresoft.com. 200303301 ; serial number 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ; NS www ; Nameserver Address ; 1 PTR wstsun1.wilshiresoft.com. 2 PTR wstsun2.wilshiresoft.com. 3 PTR wstsun3.wilshiresoft.com.

hostmaster.wilshiresoft.com. (

Loading Your New Configuration Files Here are the steps you need to follow to load your new configuration files. Make sure your file permissions and ownership are OK in the /var/named directory. [root@skynet tmp]# cd /var/named [root@wstsun1 named]# ll total 6 -rw-r--r-- 1 named named 195 May 3 2005 localhost.zone -rw-r--r-- 1 named named 2769 May 3 2005 named.ca -rw-r--r-- 1 named named 433 May 3 2005 named.local -rw-r--r-- 1 root root 763 May 2 16:23 wilshiresoft.zone [root@wstsun1 named]# chown named * [root@wstsun1 named]# chgrp named * [root@wstsun1 named]# ll total 6 -rw-r--r-- 1 named named 195 May3 2005 localhost.zone -rw-r--r-- 1 named named 2769 May 3 2005 named.ca -rw-r--r-- 1 named named 433 May 3 2005 named.local -rw-r--r-- 1 named named 763 May 2 16:23 wilshiresoft.zone The configuration files above will not be loaded until you issue the following command to restart the named process that controls DNS. Note: (Make sure to increment your configuration file serial number before doing this). [root@skynet tmp]# /etc/init.d/named restart Last, but not least, take a look at the end of your /var/log/messages file to make sure there are no errors. Make sure your /etc/hosts and /etc/resolv.conf file is correctly updated. And test your configuration with nslookup and dig commands. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DNS

Page 80 of 167

Note: We can also use the redhat-config-bind GUI tool to configure DNS, but it’s not recommended.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DHCP

Page 81 of 167

15.DHCP/Bootp DHCP (Dynamic Host Configuration Protocol) and bootp are protocols that allow a client machine to obtain network information (such as an IP number) from a server. Many organizations are starting to use dynamic host control because it simplifies and centralizes network administration.

15.1 DHCP Operational Overview As with most network services there is a server side and a client side to DHCP. The examples use the DHCPd daemon on the server side, and the pump (is a client program) executable on the client side. There are other packages available, but these binaries are the ones installed with Red Hat by default.          

Provides dynamic configuration and network information to hosts. IP address. DNS servers. Netbios name servers. Gateways. Domain name. Only one DHCP server per network segment. Uses broadcast packets to retrieve information. Superset of bootp. Can answer requests from bootp clients.

Install the DHCP package dhcp-3.0.1rc14-1.i386.rpm (available in 3rd CD of RedHat9 distribution).

15.2 the /etc/dhcpd.conf File When DHCP starts it reads the file /etc/dhcpd.conf. It uses the commands here to configure your network. Many RPM packages don't automatically install a /etc/dhcpd.conf file, but you can find a sample copy of dhcpd.conf in the following directory which you can always use as a guide. /usr/share/doc/dhcp-/dhcpd.conf.sample Copy the sample dhcpd.conf file to the /etc directory and then edit it. Here is the command to do the copying for the version 3.0p11 RPM file: [root@skynet tmp]# cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample \ /etc/dhcpd.conf Here is a quick explanation of the dhcpd.conf file: Most importantly, there must be a "subnet" section for each interface on your Linux box. ddns-update-style interim # ignore client-updates # subnet 200.200.0.0 netmask 255.255.255.0 { # The range of IP addresses the server # will issue to DHCP enabled PC clients # booting up on the network range 200.200.0.201 200.200.0.220; # Set the amount of time in seconds that # a client may keep the IP address default-lease-time 86400; max-lease-time 86400; # Set the default gateway to be used by # the PC clients option routers 200.200.0.1; # Don't forward DHCP requests from this # NIC interface to any other NIC # interfaces option ip-forwarding off; www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DHCP

Page 82 of 167

# Set the broadcast address and subnet mask # to be used by the DHCP clients option broadcast-address 200.200.0.255; option subnet-mask 255.255.255.0; # Set the DNS server to be used by the # DHCP clients option domain-name-servers 200.200.0.1; # Set the NTP server to be used by the # DHCP clients option nntp-server 200.200.0.1; # If you specify a WINS server for your Windows clients, # you need to include the following option in the dhcpd.conf file: option netbios-name-servers 200.200.0.1; } # # List an unused interface here # subnet 200.200.2.0 netmask 255.255.255.0 { } There many more options statements you can use to configure DHCP. These include telling the DHCP clients where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install. The command to do this follows: [root@skynet tmp]# man dhcp-options Lease Database On the DHCP server, the file /var/lib/dhcp/dhcpd.leases stores the DHCP client lease database. This file should not be modified by hand. DHCP lease information for each recently assigned IP address is automatically stored in the lease database. The information includes the length of the lease, to whom the IP address has been assigned, the start and end dates for the lease, and the MAC address of the network interface card that was used to retrieve the lease. All times in the lease database are in Greenwich Mean Time (GMT), not local time. The lease database is recreated from time to time so that it is not too large. First, all known leases are saved in a temporary lease database. The dhcpd.leases file is renamed dhcpd.leases~ and the temporary lease database is written to dhcpd.leases. The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. If this happens, the dhcpd.leases file does not exist, but it is required to start the service. Do not create a new lease file. If you do, all old leases are lost which causes many problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.

15.2.1 Start the DHCP services Use the chkconfig command to get DHCP configured to start at boot: [root@skynet tmp]# chkconfig dhcpd on Use the /etc/init.d/dhcpd script to start/stop/restart DHCP after booting [root@skynet tmp]# /etc/init.d/dhcpd start [root@skynet tmp]# /etc/init.d/dhcpd stop [root@skynet tmp]# /etc/init.d/dhcpd restart Remember to restart the DHCP process every time you make a change to the conf file for the changes to take effect on the running process. You also can test whether the DHCP process is running with the following command, you should get a response of plain old process ID numbers: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – DHCP

Page 83 of 167

[root@skynet tmp]# pgrep dhcpd Finally, always remember to set your PC to get its IP address via DHCP.

15.3 Configuring Linux Clients To Use DHCP Linux NIC cards can be configured to dynamically get their IP addresses from a DHCP server by editing the interface scripts in the /etc/sysconfig/network-scripts directory. Here is an example shows how to configure the DHCP client: [root@skynet tmp]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 bootproto=dhcp wq! Here bootproto=dhcp tells the system to get an IP address from the DHCP server during the boot time# We can also get an IP address from DHCP server by using following command: [root@skynet tmp]# dhclient

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Apache Web Server

Page 84 of 167

16. Apache Web Server 16.1 Introduction - What is Apache The Apache web server project is more than just a piece of software. The Apache web server is the best, and most preferred, HTTP server software in use on the Internet today, and it was written entirely as a volunteer project, by volunteer programmers, in their spare time. That, in itself, is astonishing. That is, it is to people that are not familiar with the Open Source methodology, and Open Source projects like Linux, Perl, Sendmail, and a variety of others. The interesting thing about these volunteer-written, free software packages is that most of us, and our businesses, rely heavily on them, whether we are aware of it or not. The WWW The Internet has been around for a long time. More than 30 years now. But for most of that time, it was entirely the domain of geeks and hobbyists. The main reason for this was that it was hard to use. In 1991, Tim Berners-Lee developed something that he called the World Wide Web, while working at CERN. His purpose was to give quick and easy access to documents for geographically distributed people collaborating on projects. Along with a lot of help from the standards community (and, notably, Roy Fielding), they defined HTTP, HTML, URLs, and the other necessary components of making the Web a reality. He then went off, and with the help of colleagues around the world, communicating via email, developed the CERN web server, and a simple Web client, which he dubbed a ``browser.'' The name came about because there was very little of real value on the Web at that time, and all you ever really did was browse. Ironic that the name stuck! NCSA As more and more people got involved in the project, it was several Universities that contributed to the project the most. From very early on, one of the front-runners was the National Center for Supercomupting Activities (NCSA) at the University of Illinois at Urbana Champaign (UIUC). NCSA started working on the NCSA HTTPd (HyperText Transfer Protocol Daemon). Although that project is not active any more, you can still see the web site of the project at It still contains a wealth of information, most of which is still relevant, because the standards have not changed much in 8 years. Rob McCool wrote the original code for the NCSA HTTPd, and this code was distributed without charge to the community, for them to use, with the understanding that if they fixed bugs, or added features, that they would then contribute them back to Rob to put into future versions. The Apache Server When Rob left the project, it left a problem. There were still a lot of people using his code, and actively making patches to the code, but there was no longer anyone collecting those patches. In 1995, Brian Behlendorf and a small group of other developers started collecting these patches in a central repository. Brian got some space donated on a server, and set up a CVS tree so that developers could check in patches. And in April of 1995, they released the first official release (Version 0.6.2), which was given the name Apache, because it was ``a patchy server''. The Apache Group, as they were known at that time, had no formal organizational structure, never met, communicated only over email, and worked entirely in their free time, on a volunteer basis. Early the next year, Apache passed NCSA as the most widely used server on the Internet, and is now used on more than 60% of all web servers on the Internet. Apache's architecture Since the 1.0 release of Apache (December 1, 1995) Apache has has a modular design. The core of the server is very light-weight, and all other functions are implemented as modules that plug in to the core. This means that you can keep the size of the executable down by leaving out functionality that you don't need. It also means that if there is some functionality missing that you do need, you can write your own custom module to plug into the core.

16.2. Configuring Apache www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Apache Web Server

Page 85 of 167

The configuration file used by Apache is /etc/httpd/conf/httpd.conf. Like most Linux applications you have to restart Apache before changes to the configuration file will take effect. Examples of how to configure this file will follow.

16.2.1 Configure the /etc/httpd/conf/httpd.conf file The httpd.conf file is the main configuration file for the Apache web server. A lot options exist, and it's important to read the documentation that comes with Apache for more information on different settings and parameters. The following configuration example is a minimal working configuration file for Apache, with SSL support. Also, it's important to note that we only comment the parameters that relate to security and optimization, and leave all the others to your own research. Edit the httpd.conf file, vi /etc/httpd/conf/httpd.conf and add/change: ### Section 1: Global Environment # ServerType standalone ServerRoot "/etc/httpd" PidFile /var/run/httpd.pid ResourceConfig /dev/null AccessConfig /dev/null Timeout 300 KeepAlive On MaxKeepAliveRequests 0 KeepAliveTimeout 15 MinSpareServers 16 MaxSpareServers 64 StartServers 16 MaxClients 512 MaxRequestsPerChild 100000 ### Section 2: 'Main' server configuration # Port 80 Listen 80 Listen 443 User www Group www ServerAdmin [email protected] ServerName www.wilshire.com DocumentRoot "/home/httpd/wst" Options None AllowOverride None Order deny,allow Deny from all Options None AllowOverride None Order allow,deny Allow from all Options None AllowOverride None www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Apache Web Server

Page 86 of 167

Order deny,allow Deny from all DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi # #Include conf/mmap.conf # UseCanonicalName On TypesConfig /etc/httpd/conf/mime.types DefaultType text/plain HostnameLookups Off ErrorLog /var/log/httpd/error_log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{UserAgent}i\"" combined SetEnvIf Request_URI \.gif$ gif-image CustomLog /var/log/httpd/access_log combined env=!gif-image ServerSignature Off ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/" AllowOverride None Options None Order allow,deny Allow from all index.htm The "l" at the very beginning of the index.html entry signifies a link and the "->" the link target.

The Default File Location By default, Apache expects to find all its web page files in the /var/www/html/ directory with a generic DocumentRoot statement at the beginning of httpd.conf. The examples will use the /home/www directory to illustrate how you can place them in other locations successfully. File Permissions And Apache Apache will display web as long as they are world readable. You have to make sure you make all the files and sub-directories in your DocumentRoot have the correct permissions. It is a good idea to have the files owned by a non privileged user so that web developers can do updates to the files using FTP or SCP without requiring the root password. In the example below we do this by: 1. Creating a user with a home directory of /home/www. 2. Recursively changing the file ownership permissions of the /home/www directory and all its sub-directories. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Apache Web Server

Page 90 of 167

3. Changing the permissions on the /home/www directory to 755 which will allow all users, including the Apache's httpd daemon, to read the files inside. [root@skynet tmp]# useradd -g users www [root@skynet tmp]# chown -R www:users /home/www [root@skynet tmp]# chmod 755 /home/www Now we test for the new ownership with the "ll" command. [root@skynet tmp]# ll /home/www/site1/index.* -rw-rw-r-1 www users 48590 Jun 25 23:43 index.htm lrwxrwxrwx 1 www users 9 Jun 25 18:05 index.html -> index.htm [root@skynet tmp]# Note: It is also a good practice to FTP or SCP new files to your web server as this new user. This will make all the transferred files automatically have the correct ownership. If you browse your website after configuring Apache and get a "permissions" error on your screen, then your files or directories under your DocumentRoot most likely have incorrect permissions. Appendix II has a short script that you can use to recursively set the file permissions in a directory to match those expected by Apache. You may also have to use the "Directory" directive to make Apache serve the pages once the file permissions have been correctly set. If you have your files in the default /home/www directory then this second step becomes unnecessary.

16.3.2 Named Virtual Hosting You can make your web server host more than one site per IP address by using Apache's "named virtual hosting" feature. The NameVirtualHost directive in the /etc/httpd/conf/httpd.conf file is used to tell Apache the IP addresses which will participate in this feature. The containers in the file then tell Apache where it should look for the web pages used on each web site. You must specify the IP address for which each container applies. Named Virtual Hosting Example In the case below, the server is configured to provide content on 97.158.253.26. Notice that within each container you specify the primary website domain name for that IP address with the ServerName directive. The directory where the index page for that site is located is defined with the DocumentRoot directive. You can also list secondary domain names which will serve the same content as the primary ServerName using the ServerAlias directive. Apache will search for a perfect match of NameVirtualHost, and ServerName when making a decision as to which content to send to the remote user's web browser. If there is no match, then Apache will use the first in the list that matches the target IP address of the request. This is why we have placed a "*" at the very beginning which will be used for all other web queries. NameVirtualHost 97.158.253.26 Default Directives. (In other words, not site #1 or site #2) servername www.my-site.com Directives for site #1 servername www.my-other-site.com Directives for site #2 Be careful with using "*" in other containers. A with a specific IP address will always get higher priority than a statement with a "*" intended to cover the same IP address, even if the www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Apache Web Server

Page 91 of 167

ServerName directive doesn't match. To get consistent results, try to limit the use of your "*" statements to the beginning of the list to cover any other IP addresses your server may have. You can also have multiple NameVirtualHost directives, each with a single IP address, in cases where your web server has more than one IP address IP Based Virtual Hosting The other virtual hosting option is to have one IP address per website which is also known as IP based virtual hosting. In this case you will NOT have a NameVirtualHost directive for the IP address, and you must only have a single container per IP address. Example IP Virtual Hosting : Single Wild Card In this example, Apache listens on all interfaces, but gives the same content. Apache will display the content in the first directive even if you add another right after it. Apache also seems to enforce the single container per IP address requirement by ignoring any ServerName directives you may use inside it. DocumentRoot /home/www/site1 Example IP Virtual Hosting : Wild Card and IP addresses In this example, Apache listens on all interfaces, but gives different content for addresses 97.158.253.26 and 97.158.253.27. Web surfers will get the "site1" content if they try to access the web server on any of its other IP addresses. DocumentRoot /home/www/site1 DocumentRoot /home/www/site2 DocumentRoot /home/www/site3 [root@skynet tmp]# service httpd restart The Apache Error Log Files The /var/log/httpd/error_log file is a good source for error information. Unlike the /var/log/httpd/access_log file, there is no standardized formatting. The /var/log/httpd/error_log file also is the location where CGI script errors are written. Many times CGI scripts will fail with a blank screen on your browser, the /var/log/httpd/error_log file will most likely have the cause of the problem.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 92 of 167

17. Sharing Resources Using SAMBA 17.1 Introduction Samba is a suite of utilities that allows your Linux box to share files and other resources such as printers with Windows boxes. Either configuration will allow everyone at home to have their own logins on all the home windows boxes while having their files on the Linux box appear to be located on a new Windows drive shared access to printers on the Linux box shared files accessible only to members of their Linux user group.

17.2. Configuring SAMBA Install the SAMBA [root@skynet tmp]# rpm -ivh samba-client-3.0.0-15.i386.rpm Start SAMBA service You can configure Samba to start at boot time using the chkconfig command: [root@skynet tmp]# chkconfig smb on You can start/stop/restart Samba after boot time using the smb initialization script as in the examples below: [root@skynet tmp]# service smb start [root@skynet tmp]# service smb stop [root@skynet tmp]# service smb restart Note: Unlike many Linux packages, Samba does not need to be restarted after changes have been made to its configuration file, as it is read after the receipt of every client request. You can test whether the smb process is running with the pgrep command; you should get a response of plain old process ID numbers: [root@skynet tmp]# pgrep smb The Samba Configuration File The /etc/samba/smb.conf file is the main configuration file you'll need to edit. It is split into five main sections. File Format - smb.conf [global] General Samba configuration parameters [printers] Used for configuring printers [homes] Defines treatment of user logins [netlogon] A share for storing logon scripts. (Not created by default.) [profile] A share for storing domain logon information such as "favorites" and desktop icons. You can edit this file by hand, or more simply through Samba's SWAT web interface.

17.3 Configuring SWAT (Samba Web Administration Tool) Samba has a web based configuration tool called SWAT that allows you configure your smb.conf file without you needing to remember all the formatting. Each SWAT screen is actually a form that covers a separate section of the smb.conf file into which you fill in the desired parameters. For ease of use, each parameter box has its own online help.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 93 of 167

17.3.1 Basic SWAT Setup You must always remember that SWAT edits the smb.conf file but also strips out any comments you may have manually entered into it beforehand. The original Samba smb.conf file has many worthwhile comments in it and should be saved as a reference before proceeding with SWAT which will remove them. For example, you could save the original file with the name /etc/samba/smb.conf.original as seen below. [root@skynet tmp]# cp /etc/samba/smb.conf /etc/samba/smb.conf.original As you can see, using SWAT requires some understanding of the smb.conf file parameters because it eliminates these comments. It is therefore always good practice to become familiar with the most important options in this file before proceeding with SWAT. SWAT doesn't encrypt your login password. This may be a security concern in a corporate environment. Because of this, you may want to create a Samba administrator user that has no root privileges and/or only enable SWAT access from the GUI console or localhost. service swat { port socket_type protocol wait user server log_on_failure disable only_from }

= 901 = stream = tcp = no = root = /usr/sbin/swat += USERID = no = localhost

The formatting of the file is fairly easy to understand, especially as there are only two entries of interest. The "disable" parameter must be set to "no" to accept connections.

Therefore to activate SWAT the The default configuration only allows SWAT web access from the VGA console as user "root" on port 901 with the Linux root password. This means you'll have to enter "http://127.0.0.0:901" in your browser to get the login screen. You can make SWAT accessible from other servers by adding IP address entries to the only_from parameter of the SWAT configuration file. Here's an example of an entry to allow connections only from 192.168.1.3 and localhost. Notice there are no commas between the entries. only_from = localhost 192.168.1.3 Therefore in this case you can also configure Samba on your Linux server "Skynet" IP with address 192.168.1.100 from PC 192.168.1.3 using the URL http://192.168.1.100:901. Remember that most firewalls don't allow TCP port 901 trough their filters. You may have to adjust your rules for this traffic to pass.

Controlling SWAT As with all xinetd controlled applications, the chkconfig command will automatically modify the "disable" field accordingly in the configuration file and activate the change. Activating SWAT [root@skynet tmp] chkconfig swat on Deactivating SWAT [root@skynet tmp] chkconfig swat off

Add Users To Your Samba Domain www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 94 of 167

Adding users to a domain has three broad phases. The first is adding a Linux user on the Samba server, the second is creating a Samba smbpasswd that maps to the Linux user created previously, and final step is to map a Windows drive letter to the user's Linux home directory. This is all outlined below: Adding The Users In Linux First go through the process of adding users in Linux just like you would normally do. Passwords won't be necessary unless you want the users to log in to the Samba server via Telnet or SSH. Create the user [root@skynet tmp]# useradd -g 100 peter Give them a Linux Password This is only necessary if the user needs to log into the Samba server directly. [root@skynet tmp]# passwd peter Changing password for user peter. New password: Retype new password: passwd: all authentication tokens updated successfully. Mapping The Linux Users To An smbpassword Next you need to create Samba domain login passwords for the user [root@skynet tmp]#/usr/bin/smbpasswd -a username password The "-a" switch adds the user to the /etc/smbpasswd file. Use a generic password then have users change it immediately from their workstation the usual way. Remember the smbpasswd sets the Windows Domain login password for a user. This is different from the Linux login password to log into the Samba box. Create The Directory And User Group 1. Create a new Linux group marketing: [root@skynet tmp]# /usr/sbin/groupadd marketing 2. Create a new directory for the group's files. If one user is designated as the leader, you might want to change the chown statement to make them owner [root@skynet tmp]# mkdir /home/parent-files [root@skynet tmp]# chgrp marketing /home/parent-files [root@skynet tmp]# chmod 0770 /home/parent-files

3. Next add the group members to the new group. For instance, let's add user "father" to the group. [root@skynet tmp]# /usr/sbin/usermod -G marketing father 4. /etc/samba/smb.conf file should have an entry like this at the end: # Marketing Shared Area [only-marketing] path = /home/parent-files valid users = @marketing Now simply restart the smb service and access the share from windows machine.

18. KICKSTART (Network Based Linux Inst over the NFS) 18.1 Introduction www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 95 of 167

RedHat Linux allows you to install the operating system over the network using a Kickstart server. It is comparatively much faster than using CDs and the whole install process can be automated. What are Kickstart Installations? Many system administrators would prefer to use an automated installation method to install Red Hat Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation. Kickstart files can be kept on single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install Red Hat Linux on multiple machines, making it ideal for network and system administrators. What is required to perform Kickstart Installation? Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via NFS, FTP, or HTTP. To use kickstart, you must:    

Create a kickstart file. Create a boot diskette with the kickstart file or make the kickstart file available on the network. Make the installation tree available. Start the kickstart installation.

18.2 Setting up the Installation Server Basic Preparation In this example we are going to set up a kickstart server that will be used in RedHat Liniux 9 installations. All the necessary files will be placed in the /network-install directory.

18.2.1 Create the Installation Directories We'll first create the directories /network-install and /network-install/kickstart in which we will place the necessary files. [root@skynet tmp]# mkdir -p /network-install/kickstart Copy the Files The NFS kickstart method all require the base set of RedHat files to be installed on the kickstart server. Here's how to do it: 1. Mount your first RedHat CD ROM. [root@skynet tmp]# mount /dev/cdrom /mnt/cdrom [root@skynet tmp]# cp –r /mnt/cdrom/RedHat /network-install/ [root@skynet /]# eject 2. Mount the Second CD ROM and copy all the RPMS [root@skynet /]# cp –r /mnt/cdrom/RedHat/RPMS/* /network-install/RedHat/RPMS/ 3. Mount the Third CD ROM and copy all the RPMS [root@skynet /]# cp –r /mnt/cdrom/RedHat/RPMS/* /network-install/RedHat/RPMS/

18.2.3 Setup Your NFS Server The steps for setting up an NFS server are more complicated. 1. Create a /etc/exports file with the following entry in it. You must use tabs, not spaces between the entries /network-install

*(ro,sync)

Make sure that the portmap, nfs, nfslock and netfs daemons are all running to create an NFS server. The startup scripts for these are found in the /etc/init.d directory. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 96 of 167

Run the exportfs command to add this directory to the NFS database of network available directories. You should also add this command to your /etc/rc.local file so that this is repeated after every reboot. [root@skynet tmp]# exportfs –ra [root@skynet tmp]# service nfs restart [root@skynet tmp]# showmount –e ## (this command should not show any RPC errors)

18.2.4 Setup DNS and DHCP servers. Note :

See later chapters for configuring DHCP and DNS for Kickstart

18.2.5 Create Kickstart Configuration Files The kickstart file is a simple text file, containing a list of items, each identified by a keyword. You can create it by editing a copy of the sample.ks file found in the RH-DOCS directory of the Red Hat Linux Documentation CD, using the Kickstart Configurator application, or writing it from scratch. The Red Hat Linux installation program also creates a sample kickstart file based on the options that you selected during installation. It is written to the file /root/anaconda-ks.cfg. You should be able to edit it with any text editor or word processor that can save files as ASCII text. You can also create a customized kickstart configuration file by using the "ksconfig (or) redhat-configkickstart" command from a GUI console. It will bring up a menu from which you can select all your installation options. When finished, you save the configuration with the filename of your choice.

18.3 Kickstart Configurator Kickstart Configurator allows you to create a kickstart file using a graphical user interface, so that you do not have to remember the correct syntax of the file. To use Kickstart Configurator, you must be running the X Window System. To start Kickstart Configurator, select the Main Menu Button (on the Panel) => System Tools => Kickstart, or type the command /usr/sbin/redhat-config-kickstart. As you are creating a kickstart file, you can select File => Preview at any time to review your current selections. 1. Basic Configuration: Choose the language to use during the installation and as the default language after installation from the Language menu. (See the figure below) Select the system keyboard type from the Keyboard menu. Choose the mouse for the system from the Mouse menu. If No Mouse is selected, no mouse will be configured. If Probe for Mouse is selected, the installation program tries to auto-detect the mouse. Probing works for most modern mice. And go through the othe options such as Time installation etc.

Zone, Language,

and

Reboot

system

after

Enter the desired root password for the system in the Root Password text entry box. To save the password as an encrypted password in the file, select Encrypt root password. Basic Configuration:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 97 of 167

If the encryption option is selected, when the file is saved, the plain text password that you typed will be encrypted and written to the kickstart file. Do not type an already encrypted password and select to encrypt it. 2. Installation Method: The Installation Method screen allows you to choose whether to perform a new installation or an upgrade. If you choose upgrade, the Partition Information and Package Selection options will be disabled. They are not supported for kickstart upgrades.

Also choose the opropriate kickstart installation to perform from this screen. You can choose from the following options: CD-ROM, NFS, HTTP or Hard Drive. In our example we are going to perform over the NFS so choose NFS.

3. Boot Loader Options:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 98 of 167

You have the option of installing GRUB or LILO as the boot loader. Its recommended that you choose defaults i.e install a boot loader, Use GRUB for the boot loader and Install Boot loader on Master Boot Record MBR. See the following figure:

4. Creating Partitions: To create a partition, click the Add button. The Partition Options window shown in following figure. Choose mount point, file system type, and partition size for the new partition. 

In the Additional Size Options section, choose to make the partition a fixed size, up to a chosen size, or fill the remaining space on the hard drive. If you selected swap as the file system type, you can select to have the installation program create the swap partition with the recommended size instead of specifying a size.

 

Force the partition to be created as a primary partition. Create the partition on a specific hard drive. For example, to make the partition on the first IDE hard disk (/dev/hda), specify hda as the drive. Do not include /dev in the drive name. Use an existing partition. For example, to make the partition on the first partition on the first IDE hard disk (/dev/hda1), specify hda1 as the partition. Do not include /dev in the partition name. Format the partition as the chosen file system type.

 

5. Network Configuration: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 99 of 167

For each Ethernet card on the system, click Add Network Device and select the network device and network type of the device. Select eth0 as the network device for the first Ethernet card, select eth1 for the second Ethernet card, and so on. 6. Authentication: In the Authentication section, select whether to use shadow passwords and MD5 encryption for user passwords. These options are highly recommended and chosen by default. The Authentication Configuration options allow you to configure the following methods of authentication: NIS, LDAP, Kerberos 5, Hesiod, SMB, and Name Switch Cache. 7. Firewall Configuration: The Firewall Configuration window is identical to the screen in the Red Hat Linux installation program and the Security Level Configuration Tool, with the same functionality. Note: It is strongly recommended that you choose Firewall Configuration as Disabled. RedHat recommends that you configure the firewall settings manually after the installation. See Chapter 20 IPTABLES for more information. 8. X Configuration: The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pull down menus. Be sure to specify a color depth and resolution that is compatible with the video card and monitor for the system. 9. Package Selection: The Package Selection window allows you to choose which package groups to install. There are also options available to resolve and ignore package dependencies automatically. Currently, Kickstart Configurator does not allow you to select individual packages. 10. Pre-Installation Script You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed. To include a pre-installation script, type it in the text area. 11. Post-Installation Script You can also add commands to execute on the system after the installation is completed. If the network is properly configured in the kickstart file, the network is enabled, and the script can include commands to access resources on the network. To include a post-installation script, type it in the text area. Now save the settings under /network-install/kickstart/ks.cfg. You may want to then edit the configuration file and comment out certain parameters that may change from system to system with ”#". These could include things like the system's name and IP address. During the kickstart process you will be prompted for these unspecified values. Configuring the Filename Automatically 1. Place your kickstart file in the /network-install/kickstart directory. 2. Edit your /etc/dhcpd.conf file and add the following lines to the section for the interface that will be serving DHCP IP addresses. filename "/network-install/kickstart/ks.cfg"; next-server 192.168.1.100 Note: Here 192.168.1.100 is the Kickstart server’s IP address. If you don’t setup this in /etc/dhcpd.conf file then the installation client will ask you for the location of the Kickstart server and method of installation. 3. Now on the client side insert the boot floppy or CD into the kickstart client and at the boot: prompt type in the following command: boot: linux ks Kickstart will first search for a configuration file named ks.cfg on either the boot CD / floppy. It will then automatically attempt to get a DHCP IP address and see if the DHCP server will specify a configuration file. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Sharing Resources Using SAMBA

Page 100 of 167

Kickstart will then use NFS to get both the configuration file and the installation files. The rest should be automatic.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – SQUID Proxy

Page 101 of 167

19. SQUID Proxy server 19.1 Introduction to SQUID Two important goals of squid are to:  

Reduce Internet bandwidth charges Limit access to the Web to only authorized users.

Users configure their web browsers to use the Squid proxy server instead of going to the web directly. The Squid server then checks its web cache for the web information requested by the user. It will return any matching information that finds in its cache, and if not, it will go to the web to find it on behalf of the user. Once it finds the information, it will populate its cache with it and also forward it to the user's web browser. As you can see, this reduces the amount of data accessed from the web. Another advantage is that you can configure your firewall to only accept HTTP web traffic from the Squid server and no one else. Squid can then be configured to request usernames and passwords for each user that users its services. This provides simple access control to the Internet. Install the Squid package from the 3rd CD of RedHat9 distribution. Note: Before we configure a PROXY server its compulsory that you configure Internet connection either by using a Leased line or by using PPP Dial-out server. If the ISP connection we have is a Leased line or Cable connection, simply configure /etc/resolv.conf with your ISP’s DNS and nameserver . In case you are using a modem Dial-out server to connect to the ISP, use kppp Dial-out configuration GUI utility.

19.2 Configuring SQUID Start the SQUID service Use the chkconfig to configure Squid to start at boot: [root@skynet tmp]# chkconfig squid on Use the service command can be used to start/stop/restart Squid after booting [root@skynet tmp]# service squid start [root@skynet tmp]# service squid stop [root@skynet tmp]# service squid restart You can test whether the Squid process is running with the following command, you should get a response of plain old process ID numbers: [root@skynet tmp]# pgrep squid

19.2.1 The /etc/squid/squid.conf File The main Squid configuration file is squid.conf which we'll discuss in detail in following sections. Activating Configuration Changes Like most Linux applications, Squid needs to be restarted in order for changes to the configuration file can take effect. The Visible Host Name Note: Older versions of Squid will fail to start if you don't give your server a hostname. You can set this with the "visible_hostname" parameter in /etc/squid/squid.conf. Here we set it to the real name of our server "wstsun1". visible_hostname wstsun1

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – SQUID Proxy

Page 102 of 167

19.2.2 Access Control Lists You can limit users' ability to browse the Internet with access control lists (ACLs). Each ACL line defines a particular type of activity, such as an access time or source network, they are then linked to an http_access statement that tells squid whether or not to deny or allow traffic that matches the ACL. Here are some guide lines that may be helpful: Squid matches each web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces the "allow" or "deny" statement and stops reading further. You will have to be careful not to place a "deny" statement in the list that blocks a similar "allow" statement below it. The final http_access statement denies everything, so it is best to place new http_access statements above it. Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It is best to put new customized entries right after this list to make the file easier to read.

19.2.3 Restricting Web Access by Time Access control lists can be created with time parameters. Here are some quick examples. Remember to restart Squid for the changes to take effect. Only Allow Business Hour Access from the Home Network # # Add this to the bottom of the ACL section of squid.conf # acl home_network src 192.168.1.0/24 acl business_hours time M T W H F 9:00-17:00 # # Add this at the top of the http_access section of squid.conf # http_access allow home_network business_hours Only Allow Access In The Morning # # Add this to the bottom of the ACL section of squid.conf # acl mornings time 08:00-12:00 # # Add this at the top of the http_access section of squid.conf # http_access allow mornings

Restricting Web Access By IP Address You can create an access control list (ACL) that restricts web access to users on certain networks. In this case we're creating an ACL that defines our home network of 192.168.1.0. # # Add this to the bottom of the ACL section of squid.conf # acl home_network src 192.168.1.0/255.255.255.0 You will also have to add a corresponding http_access statement that allows traffic that matches the ACL. # # Add this at the top of the http_access section of squid.conf # http_access allow home_network Remember to restart Squid for the changes to take effect. [root@skynet tmp]# service squid restart

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – SQUID Proxy

Page 103 of 167

19.2.4 Configure the Web Browsers to Use Your Squid Server If you don't have a firewall that supports redirection then you'll need to:  

Configure your firewall to only accept HTTP Internet access from the Squid server Configure your PC browser's proxy server settings manually to use the squid server using the following methods:

Internet Explorer Here's how to make these changes using Internet Explorer. 1. Click on the "Tools" item on the menu bar of the browser. 2. Click on "Internet Options" 3. Click on "Connections" 4. Click on "LAN Settings" 5. Configure with the address and TCP port (3128 default) used by your Squid server. Mozilla / Netscape Here's how to make these changes using Mozilla. Click on the "Edit" item on the menu bar of the browser. 1. Click on "Preferences" 2. Click on "Advanced" 3. Click on "Proxies" 4. Configure with the address and TCP port (3128 default) used by your Squid server under "Manual Proxy Configuration"

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – IPTABLES

Page 104 of 167

20. IPTABLES (Netfilter) 20.1 What is iptables? Originally, the most popular firewall / NAT package running on Linux was ipchains but it had a number of shortcomings. The Netfilter organization decided to create a new product called iptables in order to rectify this and developed these improvements and more: The iptables application has better integration with the Linux kernel with the capability of loading iptables specific kernel modules designed for improved speed and reliability. iptables does "stateful" packet inspection. This means that the firewall keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS as well as many other network services. iptables can filter packets by MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of what their IP addresses are. There have been improvements in system logging which now provides the option of adjusting the level of detail of the reporting. Network address translation has been improved and new support for transparent integration with web proxy programs such as Squid has been incorporated into the product. The new rate limiting feature helps iptables to block some types of denial of service (DoS) attacks

20.1.1 Overview Note: 2.4 and above kernels only. Many benefits over ipchains:    

Connection Tracking. Rate Limiting. Many more filtering options: All TCP flags, MAC address user, etc. Improved logging.

Format iptables [table] [action] [chain] [options] [target] iptables -t filter -A INPUT -m state --state NEW -p tcp -s 12.168.1.0/24 -j ACCEPT

Capabilities Table - Specifies which table the chain applies to: nat, filter, or mangle/ Action –Action to be taken on specified n/w or host. Chains - 5 Built-in chains. Names capitalized unlike IPCHAINS. # Filter Table: INPUT - All packets entering an interface that are destined for a local process use this chain. FORWARD - Only packets routed from one interface to another pass through this chain. OUTPUT - All packets leaving an interface that originated from a local process use these chains.

# Nat Table: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – IPTABLES

Page 105 of 167

PREROUTING - Rules in this chain occur before it is determined whether the packet will use the INPUT or FORWARD chain. Destination NAT (DNAT) is configured using this chain. POSTROUTING - Rules in this chain occur after the OUTPUT and FORWARD chains. Source NAT (SNAT) is configured using this chain. Options -i = Input interface (eth0, eth1, lo) -o = Output interface (eth0, eth1, lo) -p = Protocol (udp,tcp,icmp, or the protocol number) -s = Source address of packet (192.168.1.20, 192.168.1.0/24, etc.) -d = Same as -s, only for the destination address -m = Specify an extension module to load (e.g. -m state). This must be the first option specified if it is used --sport = Source port --dport = Destination port

Targets # 3 Default Targets DROP

= DROP the packet without returning an indication that it was dropped to the source

ACCEPT = Accept the packet = A user defined chain # Additional Targets provided by modules: LOG

= Log the packet

REJECT = Reject the packet and send the source a user defined response (defaults to an icmp error message) Connection Tracking Requires state module (-m state).

Packet STATES: = A new connection

NEW

ESTABLISHED = Packet is part of an existing connection RELATED

= Packet is related to an existing connection (e.g. ICMP error messages)

INVALID

= Packet doesn't belong to any other connection

Tracking FTP Connections: Because of the nature of the FTP protocol, tracking ftp connections requires a special kernel module: ip_conntrack_ftp. If you wish to use NAT with ftp connection tracking, you must also load the ip_nat_ftp kernel module Install Iptables iptables-1.2.9-1.0.i386.rpm package from 3rd CD of RedHat distribution. Start iptables service You can start/stop/restart iptables after booting by using the following commands: [root@skynet tmp]# service iptables start [root@skynet tmp]# service iptables stop [root@skynet tmp]# service iptables restart To get iptables configured to start at boot you can use the chkconfig command. [root@skynet tmp]# chkconfig iptables on

IPTABLES Examples www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – IPTABLES

Page 106 of 167

# Set the default Policies to DENY iptables -P INPUT DENY iptables -P OUTPUT DENY iptables -P FORWARD DENY # Allow all incoming tcp connections on interface eth0 to port 80 (www) iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0 --sport 1024: --dport 80 -j ACCEPT # We must also allow packets back out in order for the connection to work since we aren't using connection tracking [root@skynet tmp]#iptables -A OUTPUT -o eth0 -p tcp --sport 80 -d 0.0.0.0 -dport 1024: -j ACCEPT # Allow outgoing connections to all ports, and use connection #tracking so we don't have to create rules to allow us to receive the packets coming back. [root@skynet tmp]#iptables -A OUTPUT -m state –state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --sport 1024: -j ACCEPT [root@skynet tmp]#iptables -A INPUT -m state –state ESTABLISHED,RELATED -i eth0 -p tcp --dport 1024: -j ACCEPT # Allow external access to our DNS services, and keep state on the connection. [root@skynet tmp]#iptables -A INPUT -m state –state NEW,ESTABLISHED,RELATED i eth0 -p udp --dport 53 -j ACCEPT [root@skynet tmp]#iptables -A OUTPUT -m state –state ESTABLISHED,RELATED -o eth0 -p udp --sport 53 -j ACCEPT # Redirect all incoming traffic that hits port 8080 to port 80 on a web server in our internal LAN [root@skynet tmp]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 j DNAT --to 192.168.1.10:80 # Allow ICMP echo requests, but limit them to 1 per second. A burst of 3 will allow a burst of up to 3 ICMP packets before the rate limiting kicks in. [root@skynet tmp]#iptables -A INPUT -i eth0 -p icmp -s-icmp-type 8 -m state -state NEW,ESTABLISHED -m limit --limit 1/s --limit-burst 3 -j ACCEPT [root@skynet tmp]#iptables -A OUTPUT -o eth0 -p icmp -m state --state ESTABLISHED -j ACCEPT Status Messages [root@skynet tmp]# service iptables status Table: filter Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@skynet tmp]#

Saving iptable Scripts The "service iptables save" command will permanently save the iptables configuration in the /etc/sysconfig/iptables file. When the system reboots, the iptables-restore program reads the configuration and makes it the active configuration. The format of the /etc/sysconfig/iptables file is slightly different from that of the scripts shown in this document. The initialization of built in chains is automatic and the string "iptables" is omitted from the rule statements.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 107 of 167

21. Linux Resource Monitoring 21.1 Resource Monitoring Commands Red Hat Linux comes with a variety of resource monitoring tools. While there are more than those listed here, these tools are representative in terms of functionality. The tools are:    

free top (and GNOME System Monitor, a more graphically oriented version of top) vmstat The Sysstat suite of resource monitoring tools

Let us look at each one in more detail.

free The free command displays system memory utilization. Here is an example of its output: total buffers cached Mem: 255508 -/+ buffers/cache: Swap: 530136

240268 146488 26268

used

free

shared

0

7592

15240 109020 503868

86188

The Mem: row displays physical memory utilization, while the Swap: row displays the utilization of the system swap space, and the -/+ buffers/cache: row displays the amount of physical memory currently devoted to system buffers. Since free by default only displays memory utilization information once, it is only useful for very short-term monitoring, or quickly determining if a memory-related problem is currently in progress. Although free has the ability to repetitively display memory utilization figures via its -s option, the output scrolls, making it difficult to easily see changes in memory utilization. A better solution than using free -s would be to run free using the watch command. For example, to display memory utilization every two seconds (the default display interval), use this command: [root@skynet tmp]#watch free The watch command issues the free command every two seconds, after first clearing the screen. This makes it much easier to see how memory utilization changes over time, as it is not necessary to scan continually scrolling output. You can control the delay between updates by using the -n option, and can cause any changes between updates to be highlighted by using the -d option, as in the following command [root@skynet tmp]#watch -n 1 -d free

top While free displays only memory-related information, the top command does a little bit of everything. CPU utilization, process statistics, memory utilization — top does it all. In addition, unlike the free command, top's default behavior is to run continuously; there is no need to use the watch command. Here is a sample display:

11:13am up 1 day, 31 min, 5 users, load average: 0.00, 0.05, 0.07 89 processes: 85 sleeping, 3 running, 1 zombie, 0 stopped CPU states: 0.5% user, 0.7% system, 0.0% nice, 98.6% idle Mem: 255508K av, 241204K used, 14304K free, 0K shrd, 16604K buff Swap: 530136K av, 56964K used, 473172K free 64724K cached PID USER 8532 ed 1520 ed www.wilshiresoft.com [email protected]

PRI

NI 16 15

0 0

SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 1156 1156 912 R 0.5 0.4 0:11 top 4084 3524 2752 S 0.3 1.3 0:00 gnomeWilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

terminal 1481 ed 15 terminal 1560 ed 15 1 root 15 2 root 15 3 root 15 4 root 34 ksoftirqd_CPU0 5 root 15 6 root 25 7 root 15 8 root 25 12 root 15 91 root 16 185 root 15 186 root 15 576 root 15

0

3716 3280

0 11216 0 472 0 0 0 0 19 0 0 0 0 0 0 0 0 0 0

Page 108 of 167

0 0 0 0 0 0 0 0 712

2736 R

0.1

1.2

0:01 gnome-

10M 432 0 0 0

4256 416 0 0 0

S S SW SW SWN

0.1 0.0 0.0 0.0 0.0

4.2 0.1 0.0 0.0 0.0

0:18 0:04 0:00 0:00 0:00

emacs init keventd kapmd

0 0 0 0 0 0 0 0 632

0 0 0 0 0 0 0 0 612

SW SW SW SW SW SW SW SW S

0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.2

0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00

kswapd bdflush kupdated mdrecoveryd kjournald khubd kjournald kjournald dhcpcd

The display is divided into two sections. The top section contains information related to overall system status — uptime, load average, process counts, CPU status, and utilization statistics for both memory and swap space. The lower section displays process-level statistics, the exact nature of which can be controlled while top is running.

The GNOME System Monitor — A Graphical top If you are more comfortable with graphical user interfaces, the GNOME System Monitor may be more to your liking. Like top, the GNOME System Monitor displays information related to overall system status, process counts, memory and swap utilization, and process-level statistics. However, the GNOME System Monitor goes a step further by also including graphical representations of CPU, memory, and swap utilization, along with a tabular disk space utilization listing. Here is an example of the GNOME System Monitor's Process Listing display:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 109 of 167

The GNOME System Monitor Process Listing Display Additional information can be displayed for a specific process by first clicking on the desired process and then clicking on the More Info button. To view the CPU, memory, and disk usage statistics, clicks on the System Monitor tab.

vmstat For a more concise view of system performance, try vmstat. Using this resource monitor, it is possible to get an overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers: procs cpu r b w sy id 1 0 0 3 87

memory swpd

free

buff

swap

io

system

cache

si

so

bi

bo

in

cs

us

0 524684 155252 338068

0

0

1

6

111

114

10

The process-related fields are: r — The number of runnable processes waiting for access to the CPU b — The number of processes in an uninterruptible sleep state w — The number of processes swapped out, but runnable The memory-related fields are: swpd — The amount of virtual memory used free — The amount of free memory buff — The amount of memory used for buffers cache — The amount of memory used as page cache The swap-related fields are: si — The amount of memory swapped in from disk so — The amount of memory swapped out to disk The I/O-related fields are: bi — Blocks sent to a block device bo— Blocks received from a block device The system-related fields are: in — The number of interrupts per second cs — The number of context switches per second The CPU-related fields are: us — The percentage of the time the CPU ran user-level code sy — The percentage of the time the CPU ran system-level code id — The percentage of the time the CPU was idle When vmstat is run without any options, only one line is displayed. This line contains averages, calculated from the time the system was last booted. However, most system administrators do not rely on the data in this line, as the time over which it was collected varies. Instead, most administrators take advantage of vmstat's ability to repetitively display resource utilization data at set intervals. For example, the command vmstat 1 displays one new line of utilization data every second, while the command vmstat 1 10 displays one new line per second, but only for the next ten seconds. In the hands of an experienced administrator, vmstat can be used to quickly determine resource utilization and performance issues. But to gain more insight into those issues, a different kind of tool is required — a tool capable of more in-depth data collection and analysis.

pstree Gives a hierarchical structure of all currently running processs:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 110 of 167

21.2 The proc File System The Linux kernel has two primary functions: to control access to physical devices on the computer and to schedule when and how processes interact with these devices. The /proc/ directory contains a hierarchy of special files which represent the current state of the kernel -allowing applications and users to peer into the kernel's view of the system. Within the /proc/ directory, one can find a wealth of information detailing the system hardware and any processes currently running. In addition, some of the files within the /proc/ directory tree can be manipulated by users and applications to communicate configuration changes to the kernel.

A Virtual File System Under Linux, all data are stored as files. Most users are familiar with the two primary types of files: text and binary. But the /proc/ directory contains another type of file called a virtual file. It is for this reason that /proc/ is often referred to as a virtual file system. These virtual files have unique qualities. Most of them are listed as zero bytes in size and yet when one is viewed, it can contain a large amount of information. In addition, most of the time and date settings on virtual files refiect the current time and date, indicative of the fact they are constantly updated. Virtual files such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-themoment glimpse of the system's hardware. Others, like /proc/filesystems and the /proc/sys/ directory provide system configuration information and interfaces. For organizational purposes, files containing information on a similar topic are grouped into virtual directories and sub-directories. For instance, /proc/ide/ contains information for all physical IDE devices. Likewise, process directories contain information about each running process on the system. Viewing Virtual Files By using the cat, more, or less commands on files within the /proc/ directory, users can immediately access an enormous amount of information about the system. For example, to display the type of CPU a computer has, type cat /proc/cpuinfo to receive output similar to the following: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 111 of 167

processor : 0 vendorfiid : AuthenticAMD cpu family : 5 model : 9 model name : AMD-K6(tm) 3D+ Processor stepping : 1 cpu MHz : 400.919 cache size : 256 KB fdivfibug : no hltfibug : no f00ffibug : no comafibug : no fpu : yes fpufiexception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6fimtrr bogomips : 799.53 When viewing different virtual files in the /proc/ file system, some of the information is easily understandable while some is not human-readable. This is in part why utilities exist to pull data from virtual files and display it in a useful way. Examples of these utilities include lspci, apm, free, and top. As a general rule, most virtual files within the /proc/ directory are read only. However, some can be used to adjust settings in the kernel. This is especially true for files in the /proc/sys/ subdirectory.

21.2.1 Top-level Files in the proc File System Below is a list of some of the more useful virtual files in the top-level of the /proc/ directory. Note: In most cases, the content of the files listed in this section will not be the same on your machine. This is because much of the information is specific to the hardware on which Red Hat Linux is running. /proc/cmdline This file shows the parameters passed to the kernel at the time it is started. A sample /proc/cmdline file looks like this: ro root=/dev/hda2 This tells us that the kernel is mounted read-only (signified by (ro)) off of the second partition on the first IDE device (/dev/hda2). /proc/cpuinfo This virtual file identifies the type of processor used by your system. The following is an example of the output typical of /proc/cpuinfo: processor : 0 vendorfiid : AuthenticAMD cpu family : 5 model : 9 model name : AMD-K6(tm) 3D+ Processor stepping : 1 cpu MHz : 400.919 cache size : 256 KB fdivfibug : no hltfibug : no 46 Chapter 5. The proc File System f00ffibug : no comafibug : no fpu : yes fpufiexception : yes cpuid level : 1 wp : yes www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 112 of 167

flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6fimtrr bogomips : 799.53 processor - Provides each processor with an identifying number. On systems that have one processor, there will be only a 0. cpu family - Authoritatively identifies the type of processor you have in the system. For an Intel-based system, place the number in front of "86" to determine the value. This is particularly helpful for those attempting to identify the architecture of an older system such as a 586, 486, or 386. Because some RPM packages are compiled for each of these particular architectures, this value also helps users determine which packages to install. model name - Displays the common name of the processor, including its project name. cpu MHz - Shows the precise speed in megahertz for the processor to the thousandth decimal point. cache size - Displays the amount of level 2 memory cache available to the processor. flags - Defines a number of different qualities about the processor, such as the presence of a fioating point unit (FPU) and the ability to process MMX instructions. /proc/devices This file displays the various character and block devices currently configured (not include devices whose modules are not loaded). Below is a sample output from this file: Character devices: 1 mem 2 pty 3 ttyp 4 ttyS 5 cua 7 vcs 10 misc 14 sound 29 fb 36 netlink 128 ptm 129 ptm 136 pts 137 pts 162 raw 254 iscsictl Block devices: 1 ramdisk 2 fd 3 ide0 9 md 22 ide1 /proc/filesystems This file displays a list of the file system types currently supported by the kernel. Sample output from a generic /proc/filesystems looks similar to this: nodev rootfs nodev bdev nodev proc nodev sockfs nodev tmpfs nodev shm nodev pipefs ext2 nodev ramfs iso9660 nodev devpts www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Linux Resorce Monitoring

Page 113 of 167

ext3 nodev autofs nodev binfmtfimisc The first column signifies whether the file system is mounted on a block device. Those beginning with nodev are not mounted on a device. The second column lists the names of the file systems supported. The mount command cycles through these file systems listed here when one is not specified as an argument. /proc/interrupts This file records the number of interrupts per IRQ on the x86 architecture. A standard /proc/interrupts looks similar to this: CPU0 0: 80448940 XT-PIC timer 1: 174412 XT-PIC keyboard 2: 0 XT-PIC cascade 8: 1 XT-PIC rtc 10: 410964 XT-PIC eth0 12: 60330 XT-PIC PS/2 Mouse 14: 1314121 XT-PIC ide0 15: 5195422 XT-PIC ide1 NMI: 0 ERR: 0 For a multi-processor machine, this file may look slightly different: CPU0 CPU1 0: 1366814704 0 XT-PIC timer 1: 128 340 IO-APIC-edge keyboard 2: 0 0 XT-PIC cascade 8: 0 1 IO-APIC-edge rtc 12: 5323 5793 IO-APIC-edge PS/2 Mouse 13: 1 0 XT-PIC fpu 16: 11184294 15940594 IO-APIC-level Intel EtherExpress Pro 10/100 Ethernet 20: 8450043 11120093 IO-APIC-level megaraid 30: 10432 10722 IO-APIC-level aic7xxx 31: 23 22 IO-APIC-level aic7xxx NMI: 0 ERR: 0 The first column refers to the IRQ number. Each CPU in the system has its own column and its own number of interrupts per IRQ. The next column reports the type of interrupt, and the last column contains the name of the device that is located at that IRQ. Each of the types of interrupts seen in this file, which are architecture-specific, mean something a little different. For x86 machines, the following values are common: XT-PIC- This is the old AT computer interrupts. IO-APIC-edge - The voltage signal on this interrupt transitions from low to high, creating an edge, where the interrupt occurs and is only signaled once. This kind of interrupt, as well as the IO-APIC- level interrupt, are only seen on systems with processors from the 586 family and higher. IO-APIC-level - Generates interrupts when its voltage signal goes high until the signal goes low again.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 114 of 167

22. Backups 22.1 Introduction Backups have two major purposes:  

To permit restoration of individual files To permit wholesale restoration of entire file systems

The first purpose is the basis for the typical file restoration request: a user accidentally deletes a file and asks that it be restored from the latest backup. The exact circumstances may vary somewhat, but this is the most common day-to-day use for backups. The second situation is a system administrator's worst nightmare: for whatever reason, the system administrator is staring at hardware that used to be a productive part of the data center. Now, it is little more than a lifeless chunk of steel and silicon. The thing that is missing is all the software and data you and your users have assembled over the years. Supposedly everything has been backed up. The question is: has it? And if it has, can yourestore it?

22.2 Different Data: Different Backup Needs The pace at which data changes is crucial to the design of a backup procedure. There are two reasons for this:  

A backup is nothing more than a snapshot of the data being backed up. It is a reflection of that data at a particular moment in time. Data that changes infrequently can be backed up infrequently, while data that changes often must be backed up more frequently.

System administrators that have a good understanding of their systems, users, and applications should be able to quickly group the data on their systems into different categories. However, here are some examples to get you started: Operating System This data normally only change during upgrades, the installation of bug fixes, and any site-specific modifications Application Software This data changes whenever applications are installed, upgraded, or removed. Application Data This data changes as frequently as the associated applications are run. Depending on the specific application and your organization, this could mean that changes take place second-by-second or once at the end of each fiscal year. User Data This data changes according to the usage patterns of your user community. In most organizations, this means that changes take place all the time. Based on these categories (and any additional ones that are specific to your organization), you should have a pretty good idea concerning the nature of the backups that are needed to protect your data.

22.3 Types of Backups If you were to ask a person that was not familiar with computer backups, most would think that a backup was just an identical copy of all the data on the computer. In other words, if a backup was created Tuesday evening, and nothing changed on the computer all day Wednesday, the backup created Wednesday evening would be identical to the one created on Tuesday. While it is possible to configure backups in this way, it is likely that you would not. To understand more about this, we must first understand the different types of backups that can be created. They are: 

Full backups

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

 

Page 115 of 167

Incremental backups Differential backups

22.3.1 Full Backups The type of backup that was discussed at the beginning of this section is known as a full backup. A full backup is a backup where every single file is written to the backup media. As noted above, if the data being backed up never changes, every full backup being created will be the same. That similarity is due to the fact that a full backup does not check to see if a file has changed since the last backup; it blindly writes everything to the backup media whether it has been modified or not. This is the reason why full backups are not done all the time — every file is written to the backup media. This means that a great deal of backup media is used even if nothing has changed. Backing up 100 gigabytes of data each night when maybe 10 megabytes worth of data has changed is not a sound approach; that is why incremental backups were created.

22.3.2 Incremental Backups Unlike full backups, incremental backups first look to see whether a file's modification time is more recent than its last backup time. If it is not, the file has not been modified since the last backup and can be skipped this time. On the other hand, if the modification date is more recent than the last backup date, the file has been modified and should be backed up. Incremental backups are used in conjunction with a regularly-occurring full backup (for example, a weekly full backup, with daily incrementals). The primary advantage gained by using incremental backups is that the incremental backups run more quickly than full backups. The primary disadvantage to incremental backups is that restoring any given file may mean going through one or more incremental backups until the file is found. When restoring a complete file system, it is necessary to restore the last full backup and every subsequent incremental backup. In an attempt to alleviate the need to go through every incremental backup, a slightly different approach was implemented. This is known as the differential backup.

22.3.3 Differential Backups Differential backups are similar to incremental backups in that both backup only modified files. However, differential backups are cumulative — in other words, with a differential backup, once a file has been modified it continues to be included in all subsequent differential backups (until the next, full backup, of course). This means that each differential backup contains all the files modified since the last full backup, making it possible to perform a complete restoration with only the last full backup and the last differential backup. Like the backup strategy used with incremental backups, differential backups normally follow the same approach: a single periodic full backup followed by more frequent differential backups. The effect of using differential backups in this way is that the differential backups tend to grow a bit over time (assuming different files are modified over the time between full backups). This places differential backups somewhere between incremental backups and full backups in terms of backup media utilization and backup speed, while often providing faster single-file and complete restorations (due to fewer backups to search/restore). Given these characteristics, differential backups are worth careful consideration.

22.4. Backup Media We have been very careful to use the term "backup media" throughout the previous sections. There is a reason for that. Most experienced system administrators usually think about backups in terms of reading and writing tapes, but today there are other options. At one time, tape devices were the only removable media devices that could reasonably be used for backup purposes. However, this has changed. In the following sections we look at the most popular backup media, and review their advantages as well as their disadvantages.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 116 of 167

Tape Tape was the first widely-used removable data storage medium. It has the benefits of low media cost and reasonably-good storage capacity. However, tape has some disadvantages — it is subject to wear, and data access on tape is sequential in nature. These factors mean that it is necessary to keep track of tape usage (retiring tapes once they have reached the end of their useful life), and that searching for a specific file on tape can be a lengthy proposition. On the other hand, tape is one of the most inexpensive mass storage media available, and it has a long history of reliability. This means that building a good-sized tape library need not consume a large part of your budget, and you can count on it being usable now and in the future.

Disk In years past, disk drives would never have been used as a backup medium. However, storage prices have dropped to the point where, in some cases, using disk drives for backup storage does make sense. The primary reason for using disk drives as a backup medium would be speed. There is no faster mass storage medium available. Speed can be a critical factor when your data center's backup window is short, and the amount of data to be backed up is large.     

But disk storage is not the ideal backup medium, for a number of reasons: Disk drives are not normally removable. Disk drives are expensive Disk drives are fragile. Even if you spend the extra money for removable disk drives, their fragility can be a problem. Disk drives are not archival media.

Network By itself, a network cannot act as backup media. But combined with mass storage technologies, it can serve quite well. For instance, by combining a high-speed network link to a remote data center containing large amounts of disk storage, suddenly the disadvantages about backing up to disks mentioned earlier are no longer disadvantages. By backing up over the network, the disk drives are already off-site, so there is no need for transporting fragile disk drives anywhere. With sufficient network bandwidth, the speed advantage you can get from backing up to disk drives is maintained. However, this approach still does nothing to address the matter of archival storage (though the same "spin off to tape after the backup" approach mentioned earlier can be used). In addition, the costs of a remote data center with a high-speed link to the main data center make this solution extremely expensive. But for the types of organizations that need the kind of features this solution can provide, it is a cost they gladly pay.

22.5 Red Hat Linux-Specific Information (applies to all versions) There is little about the general topic of disasters and disaster recovery that has a direct bearing on any specific operating system. After all, the computers in a flooded data center will be inoperative whether they run Red Hat Enterprise Linux or some other operating system. However, there are parts of Red Hat Linux that relate to certain specific aspects of disaster recovery; these are discussed in this section.

22.5.1 Software Support As a software vendor, Red Hat does have a number of support offerings for its products, including Red Hat Linux. You are using the most basic support tool right now by reading this manual. Documentation for Red Hat Linux is available on the Red Hat Linux Documentation CD (which can also be installed on your system for fast access), in printed form. Self support options are available via the many mailing lists hosted by Red Hat (available at ). These mailing lists take advantage of the combined knowledge of www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 117 of 167

Red Hat's user community; in addition, many lists are monitored by Red Hat personnel, who contribute as time permits. Other resources are available from Red Hat's main support page at . More comprehensive support options exist; information on them can be found on the Red Hat website.

22.5.2 Backup Utilities Red Hat Linux comes with several different programs for backing up and restoring data. By themselves, these utility programs do not constitute a complete backup solution. However, they can be used as the nucleus of such a solution.

tar The tar utility is well known among UNIX system administrators. It is the archiving method of choice for sharing ad-hoc bits of source code and files between systems. The tar implementation included with Red Hat Enterprise Linux is GNU tar, one of the more feature-rich tar implementations. Using tar, backing up the contents of a directory can be as simple as issuing a command similar to the following: tar cf /mnt/backup/home-backup.tar /home/ This command creates an archive file called home-backup.tar in /mnt/backup/. The archive contains the contents of the /home/ directory. The resulting archive file will be nearly as large as the data being backed up. Depending on the type of data being backed up, compressing the archive file can result in significant size reductions. The archive file can be compressed by adding a single option to the previous command: tar czf /mnt/backup/home-backup.tar.gz /home/

cpio The cpio utility is another traditional UNIX program. It is an excellent general-purpose program for moving data from one place to another and, as such, can serve well as a backup program. The behavior of cpio is a bit different from tar. Unlike tar, cpio reads the names of the files it is to process via standard input. A common method of generating a list of files for cpio is to use programs such as find whose output is then piped to cpio: find /home/ | cpio -o > /mnt/backup/home-backup.cpio

This following command creates a cpio archive file (containing the everything in /home/) called home-backup.cpio and residing in the /mnt/backup/ directory. find /home/ -atime +365 | cpio -o > /mnt/backup/home-backup.cpio

AMANDA AMANDA (The Advanced Maryland Automatic Network Disk Archiver) is a client/server based backup application produced by the University of Maryland. By having a client/server architecture, a single backup server (normally a fairly powerful system with a great deal of free space on fast disks and configured with the desired backup device) can back up many client systems, which need nothing more than the AMANDA client software. This approach to backups makes a great deal of sense, as it concentrates those resources needed for backups in one system, instead of requiring additional hardware for every system requiring backup services. AMANDA's design also serves to centralize the administration of backups, making the system administrator's life that much easier. The AMANDA server manages a pool of backup media and rotates usage through the pool in order to ensure that all backups are retained for the administrator-dictated retention period. All media is pre-formatted with data that www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 118 of 167

allows AMANDA to detect whether the proper media is available or not. In addition, AMANDA can be interfaced with robotic media changing units, making it possible to completely automate backups. In operation, AMANDA is normally scheduled to run once a day during the data center's backup window. The AMANDA server connects to the client systems and directs the clients to produce estimated sizes of the backups to be done. Once all the estimates are available, the server constructs a schedule, automatically determining the order in which systems are to be backed up. Once the backups actually start, the data is sent over the network from the client to the server, where it is stored on a holding disk. Once a backup is complete, the server starts writing it out from the holding disk to the backup media. At the same time, other clients are sending their backups to the server for storage on the holding disk. This results in a continuous stream of data available for writing to the backup media. As backups are written to the backup media, they are deleted from the server's holding disk. Once all backups have been completed, the system administrator is emailed a report outlining the status of the backups, making review easy and fast. Should it be necessary to restore data, AMANDA contains a utility program that allows the operator to identify the file system, date, and file name(s). Once this is done, AMANDA identifies the correct backup media and then locates and restores the desired data. As stated earlier, AMANDA's design also makes it possible to restore data even without AMANDA's assistance, although identification of the correct media would be a slower, manual process.

dump/restore The dump and restore programs are Linux equivalents to the UNIX programs of the same name. As such, many system administrators with UNIX experience may feel that dump and restore are viable candidates for a good backup program under Red Hat Enterprise Linux. However, one method of using dump can cause problems. The dump(8) and restore(8) commands have traditionally been used on the BSD systems to backup and restore filesystems. Dump backups a filesystem as a whole into an ``archive'', and restore retrieves files from it. Although the archive may be created as a regular file on a regular filesystem, it is usually stored on an external backup device such as a magnetic tape. Some features are implemented in dump to support such devices.

22.6 Working with “dump/restore” The “dump” handles a physical filesystem as an archiving target and the restore command usually uses the archive to restore the filesystem as it was dumped. Each file is managed by the i-node number and, basically, dump cannot exclude specific files from the archive. Dump is indeed a simplistic and primitive tool, but it does come with a brilliant feature for incremental archiving. It identifies newly created or modified files after the previous backup and efficiently stores them to an archive very fast. For example, suppose a file `foo' was backed up during the last archiving and removed afterwards. On the next incremental archiving, dump puts the record in the archive as `there used to be a file foo, but it was removed'. If you use tar for your regular incremental backup tasks and attempt a full restoration one day, you may run out of the disk space by trying to restore a large number of files that had already been removed. With dump, you will never face such a problem. In summary, it would be fair to say cpio, tar or afio is suitable for archiving specific files or directories. Note: Dump is suitable for archiving whole filesystems and is Not Recommended for Mounted File Systems!

Tape Device files The Linux kernel provides the drivers for the tape devices. Please build the proper driver for your device when compiling your kernel. You may also use loadable module, if you prefer. Then, check the device files. % ls -l /dev/*st[0-9] www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

crw-rw-rwcrw-rw---crw-rw-rwcrw-rw----

1 1 1 1

Page 119 of 167

root root root root

disk disk disk disk

9, 128 Oct 9, 129 Oct 9, 0 Oct 9, 1 Oct

5 5 5 5

1995 1995 1995 1995

/dev/nst0 /dev/nst1 /dev/st0 /dev/st1

There should be two kinds of device files: /dev/nst? and /dev/st? (if not, make them with MAKEDEV command). st? are ``auto-rewind'' devices, which rewind the tape after the command is invoked to the driver, and nst? are ``no-rewind'' devices. Which to use is your choice, but I prefer the no rewind ones. In this document, /dev/nst0 is used as the target device. When the target device is chosen, you may want to create the symlink to it named ``/dev/tape''. With this, you can omit the device name on the command lines of mt and others. % cd /dev; ln -s nst0 tape If you intend to use the tape drive for the backup only, you should consider limiting the access to it. To do this, remove the read/write permissions for `Others'. In the above example, the first tape drive is accessible to normal users, and the second drive is backup purposes only, to which the access is prohibited except for the owner and the users belonging to the `disk' group.

22.6.1 Making backups with dump USAGE: dump `option' `parameter' `filesystem' - Options 0-9 : dump level B : number of records per volume b : blocksize per record (KB) h : dump level below which the nodump attribute affects f : output file (tape) d : tape density n : notify to the operator s : tape length u : update /etc/dumpdates T : specify the date to record in /etc/dumpdates W : print the filesystems to be dumped with marks w : print the filesystems which need to be dumped - parameters Specify the parameters corresponding to the options in sequence. For example, if the option is ``sbf'', the following parameters should be the order: dump sbf `tape length' `blocksize' `filesystem' `output file' - filesystem mount point or a device name of the filesystem to dump It's interesting to use the dump backup program if you want to take advantage of its several levels of backup procedures. Given below is a procedure to have a longer backup history and to keep both the backup and restore times to a minimum. In the following example, we assume that the backup is written to a tape drive named /dev/st0 and we backup the home directory /home of our system. It is important to always start with a level 0 backup, for example: [root@skynet] /# dump -0u -f /dev/st0 /home DUMP: Date of this level 0 dump: Fri Jan 28 21:25:12 2000 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/sda6 (/home) to /dev/st0 DUMP: mapping (Pass I) [regular files] DUMP: mapping (Pass II) [directories] DUMP: estimated 18582 tape blocks on 0.48 tape(s). DUMP: Volume 1 started at: Fri Jan 28 21:25:14 2000 DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: DUMP: 18580 tape blocks on 1 volume(s) DUMP: finished in 4 seconds, throughput 4645 KBytes/sec DUMP: Volume 1 completed at: Fri Jan 28 21:25:18 2000 DUMP: Volume 1 took 0:00:04 DUMP: Volume 1 transfer rate: 4645 KB/s www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

DUMP: DUMP: DUMP: DUMP: DUMP: DUMP:

Page 120 of 167

level 0 dump on Fri Jan 28 21:25:12 2000 DUMP: Date of this level 0 dump: Fri Jan 28 21:25:12 2000 DUMP: Date this dump completed: Fri Jan 28 21:25:18 2000 DUMP: Average transfer rate: 4645 KB/s Closing /dev/st0 DUMP IS DONE

-0 to -9 is the backup level option you want to use, the u option means to update the file /etc/dumpdates after a successful dump, the -f option to write the backup to file The file may be a special device file like /dev/st0, a tape drive, /dev/rsd1c, a disk drive Finally, you must specify what you want to backup. In our example, it is the /home directory /home. The full backup should be done at set intervals, say once a month, and on a set of fresh tapes that are saved forever. With this kind of procedure, you will have 12 tapes for 12 months that handle histories and changes of your system for one year. Later, you can copy the 12 tape backups onto a different computer designated to keep all yearly backups for a long time and be able to reuse them, 12 tapes, to repeat the procedure for a new year.

22.6.2 Restoring files with “restore” command The restore command performs the inverse function of dump(8). It restores files or file systems from backups made with dump. A full backup of a file system may be restored, and subsequent incremental backups layered on top of it. Single files and directory sub-trees may be restored from full, or partial backups. You have a number of possibile commands and options to restore backed up data with the dump program. Below, detailed is a procedure that uses the full potential of the restore program with the most options possible. It is also done in interactive mode. In an interactive restoration of files from a dump, the restore program provides a shell like interface that allows the user to move around the directory tree selecting files to be extracted, after reading in the directory information from the dump. The following is what we will see if we try to restore our /home directory: First of all, with the following command we must move to the partition file system where we want to restore our backup. This is required, since the interactive mode of the restore program will restore our backups from the current partition file system where we have executed the restore command. [root@skynet] /# cd /home To restore files from a dump in interactive mode, use the following command: [root@skynet /home]# restore -i -f restore >

/dev/st0

A prompt will appear in your terminal, to list the current, or specified, directory. Use the ls command as shown below: restore > ls .: admin/ lost+found/ restore >

named/

quota.group

quota.user

accounts/

To change the current working directory to the specified one, use the cd commands. In our example, we change to accounts directory, as shown below: restore > cd accounts restore > ls ./accounts: .Xdefaults .bash_logout .bash_history .bash_profile restore >

.bashrc Personal/

To add the current directory or file to the list of files to be extracted, use the add command. If a directory is specified, then it and all its descendents are added to the extraction list as shown below: restore > add Personal/ Files that are on the extraction list are prepended with a * when they are listed by the ls command: restore > ls ./accounts: www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 121 of 167

.Xdefaults .bash_logout .bashrc .bash_history .bash_profile

*Personal/

To delete the current directory or specified argument from the list of files to be extracted, use the delete command. If a directory is specified, then all its descendents including itself are deleted from the extraction list, as shown below: restore > cd Personal/ restore > ls ./accounts/Personal: *Ad?le_Nakad.doc *BIMCOR/ *My Webs/ *Contents.doc *Divers.doc *Linux/

*Overview.doc *Resume/ *SAMS/ *Templates/ *bruno universite.doc *My Pictures/

restore > delete Resume/ restore > ls ./accounts/Personal: *Ad?le_Nakad.doc *BIMCOR/ *My Webs/ *Contents.doc *Divers.doc *Linux/

*Overview.doc Resume/ *SAMS/ *Templates/ *bruno universite.doc *My Pictures/

The most expedient way to extract most of the files from a directory is to add the directory to the extraction list and then delete those files that are not needed. To extract all files in the extraction list from the dump, use the extract command. Restore will ask which volume the user wishes to mount. The fastest way to extract a few files is to start with the last volume and work towards the first volume, as shown below: restore > extract You have not read any tapes yet. Unless you know which volume your file(s) are on you should start with the last volume and work towards the first. Specify next volume #: 1 set owner/mode for '.'? [yn] y To exit from the interactive restore mode after you have finished extracting your directories or files, use the quit command as shown below. /sbin/restore > quit Other methods of restoration exist with the dump program, consult the man page of dump for more information. Further documentation, for more details, there are man pages you can read: dump(8)and restore(8).

22.7 Managing the tape “mt” Command The mt command is a utility to manipulate tape drives. With mt, you can rewind/forward/position the tape, as well as check the drive status. It is a must-have tool if you want to use dump/restore with tape drives. If possible, it is a good idea to prepare a tape for training purposes, and practice around with it. Some commands of mt are drivedependent, so please read the manual carefully to know which commands are available for your drive. mt Operations

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 122 of 167

Insert a tape (for practice purpose, if possible) into your drive. After the tape has been loaded, let us confirm the tape status. mt status command can be used to do this. Here is an example: % mt status SCSI 1 tape drive: File number=0, block number=0. Tape block size 1024 bytes. Density code 0x0 (default). Soft error count since last status=0 General status bits on (41010000): BOT ONLINE IM_REP_EN First of all, look at the bottom line. This means that the drive has a tape loaded, and the status BOT indicates that the drive head is at the beginning of the tape. Next word "ONLINE" indicates that the tape drive is ready to be operated (by mt). The drive status must be "ONLINE" before read / write operations. Next, see the third line. It shows that the current file number is zero. File number zero corresponds to the beginning of the tape, and is incremented as passing the End-Of-File (EOF) marks on the tape.

Normally, you don't have to set tape density and tape block size parameters, because these will be automatically set to suit your drive. If you want to read/write the tape on other OS's also, you may want to set these parameters explicitly for portability. If your drive supports compression feature and you want to use it, you have to pass the "compression" flag explicitly to the drive by mt. These hardware specific parameters are strongly dependent on the drive you use. Please refer to the mt(1) manual page (items on defsetblk, setblk, defcompression, datcompression and compression), and the manual of your drive. If "mt status" outputs an error message as follows, chances are that the link /dev/tape doesn't point to the device file of your drive correctly. /dev/nst0: No such device or address In this case, try other tape-device files by -f option. After finding the right one, fix the link to point to it. Now you can try writing some files to your tape. Create a directory for practice in an appropriate place. Generate six dummy files (from file-01 to file-06) by touch command. (tcsh)% foreach num (01 02 03 04 05 06) foreach? touch file-$num foreach? end (tcsh)% ls -l -rw-r--r-1 fuku users 0 Nov 21 01:10 file-01 -rw-r--r-1 fuku users 0 Nov 21 01:10 file-02 -rw-r--r-1 fuku users 0 Nov 21 01:10 file-03 -rw-r--r-1 fuku users 0 Nov 21 01:10 file-04 -rw-r--r-1 fuku users 0 Nov 21 01:10 file-05 -rw-r--r-1 fuku users 0 Nov 21 01:10 file-06 Then, write these files to the tape with tar, one by one. % tar cf /dev/tape file-01 If you see no errors, it should have worked. Let's see mt status. % mt SCSI File Tape

status 1 tape drive: number=1, block number=0. block size 1024 bytes. Density code 0x0 (default).

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 123 of 167

Soft error count since last status=0 General status bits on (81010000): EOF ONLINE IM_REP_EN Looks fine. Since one EOF mark has been written on the tape, the file number is incremented by one. Because /dev/tape is /dev/nst0 in this case, which is no rewind device, the head position is at the EOF of the file just written. And the drive is ready to write next data.

Then write rest of the files at once. (tcsh)% foreach num (02 03 04 05 06) foreach? tar cf /dev/tape file-$num foreach? end Again, confirm the status. % mt status SCSI 1 tape drive: File number=6, block number=0. Tape block size 1024 bytes. Density code 0x0 (default). Soft error count since last status=0 General status bits on (81010000): EOF ONLINE IM_REP_EN All files have been properly written. The drive head position is at the end of the files just written, as shown in below figure.

It is important to know that each file consists of two parts, a file content and the EOF mark. If you write a file successfully, these two parts are generated automatically. When reading the file, set the tape head at the EOF of the previous file so that you can read the file from the first block. And if you want to add a file to the tape, you must set the head at the EOF of the last file in this tape. In other words, the EOF mark of the file is also a start position of the next file. If you write data from middle of some file, of course you will lose whole contents of it. As the next practice, let's read a certain file from the tape which contains multiple files sequentially. Firstly, consider extracting file-03 from the tape to which we just wrote six files. You have to move the head to where the target file is recorded. This can be done as shown below. First, rewind the tape completely, and then go to the proper position. % mt rewind

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 124 of 167

file-03 is written at the position of file number 2. Now the head is at the beginning of this tape (BOT), so you have to skip two EOFs to go to file-03. % mt fsf 2 mt fsf command skips specified numbers of EOFs and goes to the starting block of the next file. fsf 2 means that the head should be moved to the starting position of the file, which is two files ahead of the current position. % mt fsf 2

% mt status SCSI 1 tape drive: File number=2, block number=0. Tape block size 1024 bytes. Density code 0x0 (default). Soft error count since last status=0 General status bits on (81010000): EOF ONLINE IM_REP_EN Status says that the head is at the EOF of the file number 2 (where the file-02 is archived), and is also the starting point of file-03. Let's look the content of this file by tar: % tar tf /dev/nst0 file-03 It is file-03, as expected. Let's see tape status. % mt status SCSI 1 tape drive: File number=2, block number=10. Tape block size 1024 bytes. Density code 0x0 (default). Soft error count since last status=0 General status bits on (1010000): ONLINE IM_REP_EN Note that EOF is not shown in this status. Tar program usually reads an archive until its own "end of file" mark, and stops. This "end of file" is DIFFERENT from the EOF of the tape.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Backups

Page 125 of 167

In figure-6, F (blue mark) is the tar's "end of file" mark. Note that this is still within the recorded block of the file. If you try to read next block from this position, tar immediately finds EOF mark and silently quits without reading any files. If you want to read the next file, do this command: % mt fsf to skip one EOF mark. Please remember this behavior, since it is slightly confusing. Let's consider how to read the archive which has file-03 again, after you did "mt fsf" and the head is now at the EOF mark of it. The answer is searching the tape backward until the second EOF mark will be found. That is the beginning of this file.

To do this, type: % mt bsfm 2 bsfm is an extended command of mt, and some old mt doesn't implement it. In that case, you will have to use bsf and fsf in sequence to achieve the desired operation. The detail is somewhat cumbersome so it is omitted here. You can go to the EOF of the last file by mt eod command. However, this command might not work with certain drives, so you should test it beforehand. Even if it doesn't work, you can do the same by "fsf" command if you know how many files are written in this tape by logging your operations. Finally, rewind the tape and eject it. This operation also depends on the kind of your drive, but usually the following command works: % mt offline Then the tape is rewinded if necessary, and ejected from the drive.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 126 of 167

23. Printers Printers and Printing Printers are an essential resource for creating a hard copy — a physical depiction of data on paper — version of documents and collateral for business, academic, and home use. Printers have become an indispensable peripheral in all levels of business and institutional computing. This chapter discusses the various printers available and compares their uses in different computing environments. It then describes how printing is supported by Red Hat Enterprise Linux.

23.1. Types of Printers Like any other computer peripheral, there are several types of printers available. Some printers employ technologies that mimic manual typewriter-style functionality, while others spray ink on paper, or use a laser to generate an image of the page to be printed. Printer hardware interfaces with a PC or network using parallel, serial, or data networking protocols. There are several factors to consider when evaluating printers for procurement and deployment in your computing environment. The following sections discuss the various printer types and the protocols that printers use to communicate with computers.

23.1.1. Printing Considerations There are several aspects to factor into printer evaluations. The following specifies some of the most common criteria when evaluating your printing needs.

Function Evaluating your organizational needs and how a printer services those needs is the essential criteria in determining the right type of printer for your environment. The most important question to ask is "What do we need to print?" Since there are specialized printers for text, images, or any variation thereof, you should be certain that you procure the right tool for your purposes. For example, if your requirements call for high-quality color images on professional-grade glossy paper, it is recommended you use a dye-sublimation or thermal wax transfer color printer instead of a laser or impact printer. Conversely, laser or inkjet printers are well-suited for printing rough drafts or documents intended for internal distribution (such high-volume printers are usually called workgroup printers). Determining the needs of the everyday user allows administrators to determine the right printer for the job. Other factors to consider are features such as duplexing — the ability to print on both sides of a piece of paper. Traditionally, printers could only print on one side of the page (called simplex printing). Most lower-end printer models today do not have duplexing by default (they may, however, be capable of a manual duplexing method that requires the user to flip the paper themselves). Some models offer add-on hardware for duplexing; such addons can drive one-time costs up considerably. However, duplex printing may reduce costs over time by reducing the amount of paper used to print documents, thus reducing the cost of consumables — primarily paper. Another factor to consider is paper size. Most printers are capable of handling the more common paper sizes:    

letter — (8 1/2" x 11") A4 — (210mm x 297mm) JIS B5 — (182mm x 257mm) legal — (8 1/2" x 14")

If certain departments (such as marketing or design) have specialized needs such as creating posters or banners, there are large-format printers capable of using A3 (297mm x 420mm) or tabloid (11" x 17") paper sizes. In addition, there are printers capable of even larger sizes, although these are often only used for specialized purposes, such as printing blueprints. Additionally, high-end features such as network modules for workgroup and remote site printing should also be considered during evaluation.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 127 of 167

Cost Cost is another factor to consider when evaluating printers. However, determining the one-time cost associated with the purchase of the printer itself is not sufficient. There are other costs to consider, such as consumables, parts and maintenance, and printer add-ons. As the name implies, consumables is a general term used to describe the material used up during the printing process. Consumables primarily take the form of media and ink. The media is the material on which the text or image is printed. The choice of media is heavily dependent on the type of information being printed.

23.6. Printer Languages and Technologies Before the advent of laser and inkjet technology, impact printers could only print standard, justified text with no variation in letter size or font style. Today, printers are able to process complex documents with embedded images, charts, and tables in multiple frames and in several languages, all on one page. Such complexity must adhere to some format conventions. This is what spurred the development of the page description language (or PDL) — a specialized document formatting language specially made for computer communication with printers. Over the years, printer manufacturers have developed their own proprietary languages to describe document formats. However, such proprietary languages applied only to the printers that the manufacturers created themselves. If, for example, you were to send a print-ready file using a proprietary PDL to a professional press, there was no guarantee that your file would be compatible with the printer's machines. The issue of portability came into question. Xerox® developed the Interpress™ protocol for their line of printers, but full adoption of the language by the rest of the printing industry was never realized. Two original developers of Interpress left Xerox and formed Adobe®, a software company catering mostly to electronic graphics and document professionals. At Adobe, they developed a widely-adopted PDL called PostScript™, which uses a markup language to describe text formatting and image information that could be processed by printers. At the same time, the Hewlett-Packard ® Company developed the Printer Control Language™ (or PCL) for use in their ubiquitous laser and inkjet printer lines. PostScript and PCL are now widely adopted PDLs and are supported by most printer manufacturers. PDLs work on the same principle as computer programming languages. When a document is ready for printing, the PC or workstation takes the images, typographical information, and document layout, and uses them as objects that form instructions for the printer to process. The printer then translates those objects into rasters, a series of scanned lines that form an image of the document (called Raster Image Processing or RIP), and prints the output onto the page as one image, complete with text and any graphics included. This work-flow makes printing documents of any complexity uniform and standard, resulting in little or no variation in printing from one printer to the next. PDLs are designed to be portable to any format, and scalable to fit different paper sizes.

23.7. Networked Versus Local Printers Depending on organizational needs, it may be unnecessary to assign one printer to each member of your organization. Such overlap in expenditure can eat into allotted budgets, leaving less capital for other necessities. While local printers attached via a parallel or USB cables to every workstation are an ideal solution for the user, it is usually not economically feasible.

Printer manufacturers have addressed this need by developing departmental (or workgroup) printers. These machines are usually durable, fast, and have long-life consumables. Workgroup printers usually are attached to a print server, a standalone device (such as a reconfigured workstation) that handles print jobs and routes output to the proper printer when available. More recent departmental printers include built-in or add-on network interfaces that eliminate the need for a dedicated print server. The Printer Configuration Tool allows users to configure a printer in Red Hat Linux. This tool helps maintain the printer configuration file, print spool directories, and print filters. Starting with version 9 and Fedora, Red Hat Linux defaults to the CUPS printing system. The previous default printing system, LPRng is still provided. If the system was upgraded from a previous Red Hat Linux version that used LPRng, the upgrade process did not replace LPRng with CUPS; the system will continue to use LPRng.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 128 of 167

If a system was upgraded from a previous Red Hat Linux version that used CUPS, the upgrade process preserved the configured queues, and the system will continue to use CUPS. The Printer Configuration Tool configures both the CUPS and LPRng printing system, depending on which one the system is configured to use. When you apply changes, it configures the active printing system. To use the Printer Configuration Tool you must have root privileges. To start the application, select Main Menu Button (on the Panel) => System Settings => Printing, or type the command redhatconfig-printer. This command automatically determines whether to run the graphical or text based version depending on whether the command is executed in the graphical X Window System environment or from a text-based console. You can also force the Printer Configuration Tool to run as a text-based application by using the command redhat-config-printer-tui from a shell prompt. Important Do not edit the /etc/printcap file or the files in the /etc/cups/ directory. Each time the printer daemon (lpd or cups) is started or restarted, new configuration files are dynamically created. The files are dynamically created when changes are applied with Printer Configuration Tool as well. If you are using LPRng and want to add a printer without using the Printer Configuration Tool, edit the /etc/printcap.local file. The entries in /etc/printcap.local are not displayed in the Printer Configuration Tool but are read by the printer daemon. If you upgraded your system from a previous version of Red Hat Linux, your existing configuration file was converted to the new format used by this application. Each time a new configuration file is generated, the old file is saved as /etc/printcap.old. If you are using CUPS, the Printer Configuration Tool does not display any queues or shares not configured using the Printer Configuration Tool; however, it will not remove them from the configuration files.

23.8 Printer Configuration The following types of print queues can be configured: Locally-connected a printer attached directly to the computer through a parallel or USB port. Networked UNIX (LPD) a printer attached to a different UNIX system that can be accessed over a TCP/IP network (for example, a printer attached to another Red Hat Linux system running LPD on the network).

Figure1: Printer Configuration Tool Networked Windows (SMB) a printer attached to a different system which is sharing a printer over a SMB network (for example, a printer attached to a Microsoft Windowsô machine). Networked Novell (NCP) a printer attached to a different system which uses Novell's NetWare network technology. Important If you add a new print queue or modify an existing one, you must apply the changes to them to take effect. Clicking the Apply button saves any changes that you have made and restarts the printer daemon. The changes www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 129 of 167

are not written to the configuration file until the printer daemon is restarted. Alternatively, you can choose Action => Apply. Adding a Local Printer To add a local printer, such as one attached through a parallel port or USB port on your computer, click the New button in the main Printer Configuration Tool window to display the window in following Figure2. Click Forward to proceed.

Figure2: Adding a Printer

In the window shown below Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (fi). Optionally, enter a short description for the printer, which can contain spaces.

Figure3: Selecting a Queue Name

After clicking Forward, Figure4 appears. Select Locally-connected from the Select a queue type menu, and select the device. The device is usually /dev/lp0 for a parallel printer or /dev/usb/lp0 for a USB printer. If no devices appear in the list, click Rescan devices to rescan the computer or click Custom device to specify it manually. Click Forward to continue.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 130 of 167

Figure4. Adding a Local Printer The next step is to select the type of printer. Go to Selecting the Printer Model and Finishing to continue. Adding a Remote UNIX (LPD) Printer To add a remote UNIX printer, such as one attached to a different Linux system on the same network, click the New button in the main Printer Configuration Tool window. The window shown in Figure2 will appear. Click Forward to proceed. In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (fi). Optionally, enter a short description for the printer, which can contain spaces. Select Networked UNIX (LPD) from the Select a queue type menu, and click Forward.

Figure5. Adding a Remote LPD Printer Text fields for the following options appear: Server The hostname or IP address of the remote machine to which the printer is attached. Queue The remote printer queue. The default printer queue is usually lp. Click Forward to continue. The next step is to select the type of printer. Adding a Samba (SMB) Printer To add a printer which is accessed using the SMB protocol (such as a printer attached to a Microsoft Windows system), click the New button in the main Printer Configuration Tool window. The window shown in Figure2 will appear. Click Forward to proceed. In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (fi). Optionally, enter a short description for the printer, which can contain spaces.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 131 of 167

Select Networked Windows (SMB) from the Select a queue type menu, and click Forward. If the printer is attached to a Microsoft Windows system, choose this queue type.

Figure6. Adding a SMB Printer As shown in Figure6, SMB shares are automatically detected and listed. Click the arrow beside each share name to expand the list. From the expanded list, select a printer. If the printer you are looking for does not appear in the list, click the Specify button on the right. Text fields for the following options appear:    



Workgroup The name of the Samba workgroup for the shared printer Server The name of the server sharing the printer Share The name of the shared printer on which you want to print. This name must be the same name defined as the Samba printer on the remote Windows machine. User name The name of the user you must log in as to access the printer. This user must exist on the Windows system, and the user must have permission to access the printer. The default user name is typically guest for Windows servers, or nobody for Samba servers. Password The password (if required) for the user specified in the User name field.

Click Forward to continue. The Printer Configuration Tool then attempts to connect to the shared printer. If the shared printer requires a username and password, a dialog window appears prompting you to provide a valid username and password for the shared printer. If an incorrect share name is specified, you can change it here as well. If a workgroup name is required to connect to the share, it can be specified in this dialog box. This dialog window is the same as the one shown when the Specify button is clicked. Warning If you require a username and password, they are stored unencrypted in files only readable by root and lpd. Thus, it is possible for others to learn the username and password if they have root access. To avoid this, the username and password to access the printer should be different from the username and password used for the user's account on the local Red Hat Linux system. If they are different, then the only possible security compromise would be unauthorized use of the printer. If there are file shares from the server, it is recommended that they also use a different password than the one for the print queue. Selecting the Printer Model and Finishing After selecting the queue type of the printer, the next step is to select the printer model. You will see a window similar to Figure7. If it was not auto-detected, select the model from the list. The printers are divided by manufacturers. Select the name of the printer manufacturer from the pulldown menu. The printer models are updated each time a different manufacturer is selected. Select the printer model from the list.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 132 of 167

Figure7. Selecting a Printer Model The recommended print driver is selected based on the printer model selected. The print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need a print driver to process the data that is sent to the printer. If you are configuring a remote printer (IPP, LPD, SMB, or NCP), the remote print server usually has its own print driver. If you select an additional print driver on your local computer, the data is filtered multiple times and is converted to a format that the printer can not understand. To make sure the data is not filtered more than once, first try selecting Generic as the manufacturer and Raw Print Queue or Postscript Printer as the printer model. After applying the changes, print a test page to try out this new configuration. If the test fails, the remote print server might not have a print driver configured. Try selecting a print driver according to the manufacturer and model of the remote printer, applying the changes, and printing a test page. Confirming Printer Configuration The last step is to confirm your printer configuration. Click Apply to add the print queue if the settings are correct. Click Back to modify the printer configuration. Click the Apply button in the main window to save your changes and restart the printer daemon. After applying the changes, print a test page to ensure the configuration is correct.

Printing a Test Page After you have configured your printer, you should print a test page to make sure the printer is functioning properly. To print a test page, select the printer that you want to try out from the printer list, then select the appropriate test page from the Test pulldown menu. If you change the print driver or modify the driver options, you should print a test page to test the different configuration.

Figure8. Test Page Options

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 133 of 167

Modifying Existing Printers To delete an existing printer, select the printer and click the Delete button on the toolbar. The printer is removed from the printer list. Click Apply to save the changes and restart the printer daemon. To set the default printer, select the printer from the printer list and click the Default button on the toolbar. The default printer icon appears in the Default column of the default printer in the list. After adding the printer(s), the settings can be edited by selecting the printer from the printer list and clicking the Edit button. The tabbed window shown in Figure9 is displayed. The window contains the current values for the selected printer. Make any necessary changes, and click OK. Click Apply in the main Printer Configuration Tool window to save the changes and restart the printer daemon.

Figure9. Editing a Printer

Queue Name To rename a printer or change its short description, change the value in the Queue name tab. Click OK to return to the main window. The name of the printer should change in the printer list. Click Apply to save the change and restart the printer daemon.

Queue Type The Queue type tab shows the queue type that was selected when adding the printer and its settings. The queue type of the printer can be changed or just the settings. After making modifications, click OK to return to the main window. Click Apply to save the changes and restart the printer daemon. Depending on which queue type is chosen, different options are displayed. Refer to the appropriate section on adding a printer for a description of the options.

Printer Driver The Printer driver tab shows which print driver is currently being used. If it is changed, click OK to return to the main window. Click Apply to save the change and restart the printer daemon.

Driver Options The Driver Options tab displays advanced printer options. Options vary for each print driver. Common options include: Send Form-Feed (FF) should be selected if the last page of the print job is not ejected from the printer (for example, the form feed light fiashes). If this does not work, try selecting Send End-of-Transmission (EOT) instead. Some printers require both Send Form-Feed (FF) and Send EndofTransmission (EOT) to eject the last page. This option is only available with the LPRng printing system.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 134 of 167

Send End-of-Transmission (EOT) should be selected if sending a form-feed does not work. Refer to Send FormFeed (FF) above. This option is only available with the LPRng printing system. Assume Unknown Data is Text should be selected if the print driver does not recognize some of the data sent to it. Only select this option if there are problems printing. If this option is selected, the print driver assumes that any data that it can not recognize is text and attempts to print it as text. If this option is selected along with the Convert Text to Postscript option, the print driver assumes the unknown data is text and then converts it to PostScript. This option is only available with the LPRng printing system. Prerender Postscript should be selected if characters beyond the basic ASCII set are being sent to the printer but they are not printing correctly (such as Japanese characters). This option prerenders non-standard PostScript fonts so that they are printed correctly. If the printer does not support the fonts you are trying to print, try selecting this option. For example, select this option to print Japanese fonts to a non-Japanese printer. Extra time is required to perform this action. Do not choose it unless problems printing the correct fonts exist. Also select this option if the printer can not handle PostScript level This option converts it to PostScript level 1 GhostScript pre-filtering allows you to select No pre-filtering, Convert to PS level 1, or Convert to PS level 2 in case the printer can not handle certain PostScript levels. This option is only available if the PostScript driver is used with the CUPS printing system. Convert Text to Postscript is selected by default. If the printer can print plain text, try unselecting his when printing plain text documents to decrease the time it takes to print. If the CUPS printing ystem is used, this is not an option because text is always converted to PostScript.

Page Size allows the paper size to be selected. The options include US Letter, US Legal, A3, andA4. Effective Filter Locale defaults to C. Media Source defaults to Printer default. Change this option to use paper from a different tray. To modify the driver options, click OK to return to the main window. Click Apply to save the change and restart the printer daemon.

Saving the Configuration File When the printer configuration is saved using the Printer Configuration Tool, the application creates its own configuration file that is used to create the files in the /etc/cups directory (or the /etc/printcap file that lpd reads). You can use the command line options to save or restore the Printer Configuration Tool file. If the /etc/cups directory or the /etc/printcap file is saved and restored to the same locations, the printer configuration is not be restored because each time the printer daemon is restarted, it creates a new /etc/printcap file from the special Printer Configuration Tool configuration file. When creating a backup of the system's configuration files, use the following method to save the printer configuration files. If the system is using LPRng and custom settings have been added in the /etc/printcap.local file, it should be saved as part of the backup system as well. To save your printer configuration, type this command as root: /usr/sbin/redhat-config-printer-tui --Xexport > settings.xml Your configuration is saved to the file settings.xml. If this file is saved, it can be used to restore the printer settings. This is useful if the printer configuration is deleted, if Red Hat Linux is reinstalled, or if the same printer configuration is needed on

Printer Configuration multiple systems. The file should be saved on a different system before reinstalling. To restore the configuration, type this command as root: /usr/sbin/redhat-config-printer-tui --Ximport < settings.xml If you already have a configuration file (you have configured one or more printers on the system already) and you try to import another configuration file, the existing configuration file will be overwritten. If you want to keep your www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 135 of 167

existing configuration and add the configuration in the saved file, you can merge the files with the following command (as root): /usr/sbin/redhat-config-printer-tui --Ximport --merge < settings.xml Your printer list will then consist of the printers you configured on the system as well as the printers you imported from the saved configuration file. If the imported configuration file has a print queue with the same name as an existing print queue on the system, the print queue from the imported file will override the existing printer. After importing the configuration file (with or without the merge command), you must restart the printer daemon. If you are using CUPS, issue the command: /sbin/service cups restart If you are using LPRng, issue the command: /sbin/service lpd restart

Command Line Configuration If you do not have X installed and you do not want to use the text-based version, you can add a printer via the command line. This method is useful if you want to add a printer from a script or in the %post section of a kickstart installation.

Adding a Local Printer To add a printer: redhat-config-printer-tui --Xadd-local options Options: --device=node (Required) The device node to use For example, /dev/lp0 --make=make (Required) The IEEE 1284 MANUFACTURER string or the printer manufacturer's name as in the foomatic database if the manufacturer string is not available --model=model (Required) The IEEE 1284 MODEL string or the printer model listed in the foomatic database if the model string is not available. --name=name (Optional) The name to be given to the new queue. If one is not given, a name based on the device node (such as ìlp0î) will be used. If you are using CUPS as the printing system (the default), after adding the printer, use the following command to start/restart the printer daemon: #service cups restart

If you are using LPRng as the printing system, after adding the printer, use the following command to start/restart the printer daemon: #service lpd restart Removing a Local Printer A printer queue can also be removed via the command line. As root, to remove a printer queue: redhat-config-printer-tui --Xremove-local options Options: --device=node www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 136 of 167

(Required) The device node used such as /dev/lp0. --make=make (Required) The IEEE 1284 MANUFACTURER string, or (if none is available) the printer manufacturer's name as in the foomatic database --model=model (Required) The IEEE 1284 MODEL string, or (if none is available) the printer model as listed in the foomatic database. If you are using the CUPS printing system (the default), after removing the printer from the Printer Configuration Tool configuration, restart the printer daemon for the changes to take effect: #service cups restart If you are using the LPRng printing system, after removing the printer from the Printer Configuration Tool configuration, restart the printer daemon for the changes to take effect: #service lpd restart If you are using CUPS, have removed all printers, and do not want to run the printer daemon anymore, execute the following command: #service cups stop If you are using LPRng, have removed all printers, and do not want to run the printer daemon anymore, execute the following command: #service lpd stop

Managing Print Jobs When you send a print job to the printer daemon, such as printing text file from Emacs or printing an image from The GIMP, the print job is added to the print spool queue. The print spool queue is a list of print jobs that have been sent to the printer and information about each print request, such as the status of the request, the username of the person who sent the request, the hostname of the system that sent the request, the job number, and more. If you are running a graphical desktop environment, click the Printer Manager icon on the panel to start the GNOME Print Manager as shown in Figure10.

Figure10. GNOME Print Manager It can also be started by selecting Main Menu Button (on the Panel) => System Tools => Print Manager. To change the printer settings, right-click on the icon for the printer and select Properties. The Printer Configuration Tool is then started. Double-click on a configured printer to view the print spool queue as shown in Figure11

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 137 of 167

Figure11 List of Print Jobs To cancel a specific print job listed in the GNOME Print Manager, select it from the list and select dit => Cancel Documents from the pulldown menu. If there are active print jobs in the print spool, a printer notification icon might appears in the Panel otification Area of the desktop panel as shown in Figure10. Because it probes for active print jobs every five seconds, the icon might not be displayed for short print jobs.

Figure10: Clicking on the printer notification icon starts the GNOME Print Manager to display a list of current print jobs. Also located on the Panel is a Print Manager icon. To print a file from Nautilus, browse to the location of the file and drag and drop it on to the Print Manager icon on the Panel. The window shown in Figure12 is displayed. Click OK to start printing the file.

Figure12. Print Verification Window To view the list of print jobs in the print spool from a shell prompt, type the command lpq. The last few lines will look similar to the following: Example of lpq output Rank Owner/ID Class Job Files Size Time active user@localhost+902 A 902 sample.txt 2050 01:20:46 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 138 of 167

Sharing a Printer The Printer Configuration Tool's ability to share configuration options can only be used if you are using the CUPS printing system. Allowing users on a different computer on the network to print to a printer configured for your system is called sharing the printer. By default, printers configured with the Printer Configuration Tool are not shared. To share a configured printer, start the Printer Configuration Tool and select a printer from the list. Then select Action => Sharing from the pulldown menu. Note: If a printer is not selected, Action => Sharing only shows the system-wide sharing options normally shown under the General tab. On the Queue tab, select the option to make the queue available to other users.

Figure13. Queue Options

After selecting to share the queue, by default, all hosts are allowed to print to the shared printer. Allowing all systems on the network to print to the queue can be dangerous, especially if the system is directly connected to the Internet. It is recommended that this option be changed by selecting the All hosts entry and clicking the Edit button to display the window shown in Figure14. If you have a firewall configured on the print server, it must be able to send and receive connections on the incoming UDP port, 631. If you have a firewall configured on the client (the computer sending the print request), it must be allowed to send and accept connections on port 631.

Figure14. Allowed Hosts The General tab configures settings for all printers, including those not viewable with the Printer Configuration Tool. There are two options:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 139 of 167

Figure15. System-wide Sharing Options Automatically find remote shared queues Selected by default, this option enables IPP browsing, which means that when other machines on the network broadcast the queues that they have, the queues are automatically added to the list of printers available to the system; no additional configuration is required for a printer found from IPP browsing. This option does not automatically share the printers configured on the local system.

Sharing a Printer with LPRng If you are running the LPRng printing system, sharing must be configured manually. To allow systems on the network to print to a configured printer on a Red Hat Linux system, use the following steps: 1. Create the file /etc/accepthost. In this file, add the IP address or hostname of the system that you want to allow print access to, with one line per IP or hostname. 2. Uncomment the following line in /etc/lpd.perms: ACCEPT SERVICE=X REMOTEHOST= < /etc/accepthost 3. Restart the daemon for the changes to take effect: #service lpd restart Switching Print Systems To switch printing systems, run the Printer System Switcher application. Start it by selecting the Main Menu Button (on the Panel) => System Settings => More System Settings => Printer System Switcher, or type the command redhat-switch-printer at a shell prompt (for example, in an XTerm or GNOME terminal). The program automatically detects if the X Window System is running. If it is running, the program starts in graphical mode as shown in Figure16. If X is not detected, it starts in a text-based mode. To force it to run in as a text-based application, use the command redhat-switch-printer-nox.

Select either the LPRng or the CUPS printing system. In Red Hat Linux 9, CUPS is the default. If you only have one printing system installed, it is the only option shown. If you select OK to change the printing system, the selected print daemon is enabled to start at boot time, and the unselected print daemon is disabled so that it does not start at boot time.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Printers

Page 140 of 167

Figure16 Printer System Switcher The selected print daemon is started, and the other print daemon is stopped; thus making the changes take place immediately.

Additional Resources To learn more about printing on Red Hat Linux, refer to the following resources. Installed Documentation man printcap The manual page for the /etc/printcap printer configuration file. map lpr The manual page for the lpr command that allows you to print files from the command line. man lpd The manual page for the LPRng printer daemon. man lprm The manual page for the command line utility to remove print jobs from the LPRng spool queue. man mpage The manual page for the command line utility to print multiple pages on one sheet of paper. man cupsd The manual page for the CUPS printer daemon. man cupsd.conf The manual page for the CUPS printer daemon configuration file. man classes.conf The manual page for the class configuration file for CUPS.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Upgrading Linux Kernel

Page 141 of 167

24.Upgrading the RedHat Linux Kernel Typical reasons for upgrading the kernel   

You have installed newer hardware that wasn't previously supported. Drivers for the hardware you do have are updated and you need to use them. Most Important: Security holes have been found in earlier kernels and are fixed in the latest kernel

New and common 2.6 kernel code features The Linux 2.6 Kernel contains the following common features:          

0(1) Scheduler - Allows more processes and improved response time. Block I/O - Asynchronous I/O layer improvements and enhancements. Memory management enhancements - Provides more capacity for swapping systems. SMP scalability enhancements - Performance improvements by lock contention reduction. New threading model (NPTL) - Kernel assisted threading allows increased speed for multithreaded applications. IPv6, IPsec additional features - Allows for cryptographic security at network protocol level and enables crypto exploitation for z990. New file system/volume manager features - XA (external attributes), management, and security improvements for the Samba server. Per-CPU optimizations - Performance improvement by lock contention reduction. Constraint relief - Support for more than 32 CPUs. Kernel preemption support - Provides enhanced time sharing within one Linux image for certain types of workloads.

Note: This feature is turned off on distributions. 

  

New device driver interface - Device information is now kept in sysfs (/sys) and device configuration is only available through sysfs. procfs (/proc) is still available, but its use for device driver information is deprecated. Device numbers have been replaced with bus IDs. ePoll - Provides fast and more efficient I/O processing on multiple file descriptors. This addition provides improved scalability for systems running Domino®. Access control lists. Extended attributes.

24.1 Upgrading Kernel Step By Step STEP1 Most Important: Security holes have been found in earlier kernels and are fixed in the latest kernel This practical assumes that you have a fully functional 2.4 kernel setup in place. The specific version (2.4.8 or 2.4.22-1.2115.nptl or what not) is not important. Also, though this upgrade deals with 2.4.x to 2.6.6, the exact same steps should apply to 2.6.x as and when they come out. Since there are interface changes between 2.4.x and 2.6.x, the upgrade is slightly more tedious that upgrading within the same branch. The Machine on which we are going to upgrade the kernel is with following Hardware configuration PIV 2Ghz processor,512Mb RAM, 40Gb Hd and installed with RedHat Linux 9 Shrike OS. Note: On the slower machine kernel upgrading process takes quite long. So be patient! STEP2 The upgrade requires a few modifications to various config files. Just to be safe, it would be a good idea to copy these files to a safe location so that reverting back to your existing setup is easy. The files are: /etc/rc.sysinit /etc/init.d/halt /etc/fstab STEP3 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Upgrading Linux Kernel

Page 142 of 167

Download the latest version of modutils-tools from the following site http://www.kernel.org/pub/linux/kernel/people/rusty/modules/ or or Install all the developer related tools by using redhat-config-packages. The modutils package contains versions of modprobe, insmod, rmmod etc. required because of the reimplementation of the in-kernel module loader in 2.6. However, these tools are backward compatible so things will still work in your 2.4 setup after you install it. STEP4 Download the latest kernel, here we are using linux-2.6.6.tar.bz2 uncompress and unzip it.It is recommended that you copy the kernel to /home/kernel/src/ #mkdir –p /home/kernel/src #cp linux-2.6.0.tar.bz2 /home/kernel/src # cd /home/kernel/src # bunzip2 -c linux-2.6.0.tar.bz2 | tar -xv # cd /home/kernel/src/linux-2.6.6 STEP5 Copy the appropriate /usr/src/linux-2.4/configs [kernel-2.4.20-i686.config] to .config in whatever directory you are installing. In our case it's /home/src/kernel/linux-2.6.3 cp /usr/src/linux-2.4/configs/kernel-2.4.20-i686.config /home/src/kernel/linux-2.6.6/.config

\

Note: If the /usr/src/linux-2.4 dose not exists, probably you don’t have linux-source-2.4.20 package installed. You can install this package from 2nd and 3rd CD of RedHat 9 distribution. Use redhat-config-packages and install the Kernel Development section of packages or simply use rpm command to install the package. STEP6 Assuming you copied the appropriate kernel-2.4 config to .config, run the following which will run through necessary questions for the 2.6 kernel. This command will backup the current kernel settings and adds to the new one we are about to build. oldconfig will read the defaults from an existing .config and rewrite necessary links and files. Use this option if you've made minor changes to source files or need to script the rebuild process. Note that oldconfig will only work within the same major version of the kernel. #make oldconfig The above command preserves most settings and will prompt you only for new items. You can also use “make xconfig” command which brings up GUI window asking you to setup all the parameters that you want to enable or disable. You can alos use “make menuconfig” which brings up a TUI See the following figure: #make xconfig

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Upgrading Linux Kernel

Page 143 of 167

Figure: make xconfig

Note: Run only one of the above commands. STEP7 This is very important. Make sure you're .config has the following in it CONFIG_EXT3_FS=y You'll run into the error if you leave this =m instead of =y: vi /home/src/kernel/linux-2.6.6/.config CONFIG_EXT3_FS=y Edit the Makefile and add changes to the Extraversion as desired. Patches will update these values as well. #vi /home/src/kernel/linux-2.6.3/Makefile VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 3 EXTRAVERSION = -custom_ker-6 Here we are just adding our own name (-custom_ker-6) to the kernel’s extra version. STEP 8: Build the Kernel Image Building the bzImage takes substatially long time based on your system performance. On a Pentium III with 128Mb RAM took almost 45 minutes to build the kernel Image. #make bzImage If everything went correctly then the new kernel should exist in ./arch/$ARCH/boot. For example, on IA32 systems we can verify this with: #ls -l arch/i686/boot STEP 9: There is one more step needed for the build process, however. You have created the kernel, but now you need to create all the loadable modules if you have them configured. Be aware that typical distribution kernels tend to have almost every feature installed, plus a few others for good measure. These can typically take an hour or so to build. The stock kernels are somewhat leaner by default and take, on average, 25 minutes to compile. To build the modules we run: #make modules STEP 10: Again, lots of messages will scroll by on the screen. Here also the 2.6.x series is less talkative, outputting only summary information. Once the modules are built they can be installed. To install the modules run: #make modules_install www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Upgrading Linux Kernel

Page 144 of 167

STEP 11: Now it’s the time to install our new kernel. Simply run the make install command. It should automatically update the GRUB boot loader configuration file /boot/grub/grub.conf, create initial ram disk image (/boot/initrd-2.6.6-custom_ker-6) and place the new kernel (/boot/vmlinuz-2.6.6custom_ker-6) under /boot directory. #make install STEP 12 (CHECKING EVERYTHING): Check the following: 

The new image file should be installed on boot and there should be sym link to it. Latest kernel is 2.6.3custom_ker-6, and I got the "-custom_ker-6" from the values I put in the Makefile, see the following: ls –l /boot vmlinuz -> vmlinuz-2.6.3-custom_ker-6 System.map -> System.map-2.6.3-custom_ker-6

/boot/grub/grub.conf Should have been automatically updated from make. In /boot/grub/grub.conf change "default=0" to boot with the new kernel. Here's an example of grub.conf:

  

# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making # NOTICE: You have a /boot partition. #boot=/dev/hda default=0 timeout=10 splashimage=(hd0,2)/grub/splash.xpm.gz title Red Hat Linux (2.6.3-custom_ker-6) root (hd0,2) kernel /vmlinuz-2.6.3-custom_ker-6 ro root=LABEL=/ initrd /initrd-2.6.3-custom_ker-6.img You added the mount command for sys in /etc/rc.sysinit CONFIG_EXT3_FS=y was used in the .config Run /sbin/lsmod or cat /proc/modules to make sure a 2.4 kernel module wasn't forgotten. Also

look at "#cat /proc/iomem"

Lastly: reboot the system tryout the new kernel. Use the uname –r command to see the current kernel version. #uname –r 2.6.6-custom_ker

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Dumb Terminal

Page 145 of 167

25. Configuring Dumb Terminal In a corporate environment with large numbers of Linux servers racked in data centers it’s not easy and affordable to provide a Monitor (console) to each one of the server. Instead we can use a Dumb Terminal to connect to the server by using one of its COM port. In this chapter we will see how to connect to a Linux from a dumb terminal.

Preparing To Go “Headless” 

 

One of the advantages of this method is that you don't need a keyboard either. Unfortunately your BIOS may halt the system during the Power On Self Test (POST) if it doesn't detect a keyboard. Make sure you disable this feature in the BIOS setup of your PC before proceeding. This feature can usually be found on the very first screen under the “Halt On” option. You will also need to make sure that you have activated your COM ports in your BIOS settings. For non-modem connectivity (PC to PC) connect a NULL modem cable to the COM port you want to test, connect the other end to the client PC running "Hyperterm" or whatever terminal emulation software you are using. One popular Linux equivalent to Hyperterm is “minicom”.

Configuration Steps In RedHat Linux, the COM1 and COM2 ports are controlled by a program called "agetty", but "agetty" usually isn't activated when you boot up unless its configuration file /etc/inittab is modified. In other versions of Linux, "agetty" may be called just plain "getty". Here is a table that lists the physical ports to their equivalent Linux device names. Port

Linux "agetty" Device Name

COM1

ttyS0

COM2

ttys1

The following lines added to /etc/inittab will configure your COM ports for terminal access: # Run COM1 and COM2 gettys in standard runlevels S0:235:respawn:/sbin/agetty -L 9600 ttyS0 vt100 S1:235:respawn:/sbin/agetty -L 9600 ttyS1 vt100

Warning: The system will HANG if one of ttyS0 or ttyS1 is connected to Mouse or other devices are using the particular port. In such case check the back panel of the system, find the proper port and mention only that particular port in /etc/inittab i.e either ttyS0 or ttyS1. If the mouse is PS/2 type or both the ports are not in use then there shouldn’t be any problem. The next step is to restart the "init" process to re-read /etc/inittab [root@skynet tmp]# init q Now you need to configure the terminal client such “as Hyperterm” to match the speed settings in /etc/inittab. Connect the console / modem cable between the client and your Linux box. Hit "enter" a couple times and you see something like this: Red Hat Linux release 9 (Shrike) Kernel 2.4.18-14 on an i686 skynet login: Note: By default, user "root" will not be able to log in from a terminal. To do this you'll have to edit the /etc/securetty file which contains the device names of tty lines on which root is allowed to login. Just add ttyS0 and ttyS1 to the list if you need this access.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 146 of 167

26. Software RAID The main goal of using Redundant Arrays of Inexpensive Disks (RAID) is to either improve disk data performance and/or provide data redundancy. RAID can be handled either by the operating system software or it may be implemented via a purpose built RAID disk controller card without having to configure the operating system at all. This chapter will explain how to configure the software RAID schemes supported by RedHat / Enterprise/ Fedora Linux.

26.1 RAID Types 26.1.1 RAID 0 With RAID 0 the RAID controller tries to evenly distribute data across all disks in the RAID set. RAID 0 aims to accommodate large file systems spread over multiple devices with no data redundancy. The advantage of RAID 0 is data access speed. A file that is spread over four disks can be read four times as fast. You should also be aware that RAID 0 is often called "striping". RAID 0 can accommodate disks of unequal sizes. When RAID runs out of "striping space" on the smallest device, it then continues the striping using the available space on the remaining drives. When this occurs, the data access speed is lower for this portion of data as the total number of RAID drives available is reduced. It is for this reason that RAID 0 is best used with equal sized drives. Following figure illustrates the data allocation process in RAID 0.

26.1.2 RAID 1 With RAID 1, data is cloned on a duplicate disk. This RAID method is therefore frequently called "disk mirroring". A good analogy would be telling two people the same story so that if one forgets some of the details you can ask the other one to remind you. When one of the disks in the RAID set fails, the other one continues to function. When the failed disk is replaced, the data is automatically cloned to the new disk from the surviving disk. RAID 1 also offers the possibility of using a "hot standby" spare disk which will be automatically cloned in the event of a disk failure on any of the primary RAID devices. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 147 of 167

RAID 1 offers data redundancy, without the speed advantages of RAID 0. A disadvantage of software based RAID 1 is that the server has to send data twice to be written to each of the mirror disks. This can saturate data busses and CPU utilization. With a hardware based solution, the server CPU sends the data to the RAID disk controller once, and the disk controller then duplicates the data to the mirror disks. This makes RAID capable disk controllers the preferred solution when implementing RAID 1. A limitation of RAID 1 is that the total RAID size in Gigabytes is equal to that of the smallest disk in the RAID set. Unlike RAID 0, the extra space on the larger device isn't used. Following figure illustrates the data allocation process in RAID 1.

26.1.3 RAID 5 RAID 5 improves on RAID 4 by striping the parity data between all the disks in the RAID set, This avoids the parity disk bottleneck while maintaining many of the speed features of RAID 0 and the redundancy of RAID 1. Like RAID 4, RAID 5 can only survive the loss of a single disk. Linux RAID 5 requires a minimum of three disks / partitions. Specially built hardware based RAID disk controllers are available for both IDE and SCSI drives. They usually have their own BIOS, so you can configure them right after your system's the power on self test (POST). Hardware based RAID is transparent to your operating system, the hardware does all the work. If hardware RAID isn't available then you should be aware of these basic guidelines to follow when setting up software RAID.

Followinf figure illustrates the data allocation process in RAID 5.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 148 of 167

Before You Start

26.2 SCSI and IDE 26.2.1 IDE Drives Following are IDE disks limitations:     

The total length of an IDE cable can only be a few feet long which generally limits their use to small home systems. IDE drives do not "hot swap". You cannot replace them while your system is running. Only two devices can be attached per controller. The performance of the IDE bus can be degraded by the presence of a second device on the cable. The failure of one drive on an IDE bus often causes the malfunctioning of the second device. This can be fatal if you have two IDE drives of the same RAID set attached to the same cable.

It is for these reasons that it is recommended to use only one IDE drive per controller when using RAID, especially in a corporate environment.

26.2.2 SCSI Drives SCSI hard disks have a number of features that make them more attractive for RAID use.    

SCSI controllers are more tolerant of disk failures. The failure of a single drive is less likely to disrupt the remaining drives on the bus. SCSI cables can be several meters long, making them suitable for data center applications. Much more than two devices may be connected to a SCSI cable bus. It can accommodate 7 (singleended SCSI) or 15 (all other SCSI types) devices. Some models of SCSI devices support "hot swapping" which allows you to replace them while the system is running.

However SCSI drives tend to be more expensive than IDE drives. Software RAID Partitions Or Entire Disks? www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 149 of 167

It is generally a not a good idea to share RAID configured partitions with non RAID partitions. The reason for this is obvious as a disk failure could still incapacitate a system. If you decide to use RAID, all the partitions on each RAID disk should be part of a RAID set. Backup Your System First Software RAID creates the equivalent of a single RAID virtual disk drive made up of all the underlying regular partitions used to create it. You will have to format this new RAID device before your Linux system will be able to store files on it. This will cause all the old data on the underlying RAID partitions to be lost. It is best to backup the data on these and any other partitions on the disk drive on which you want implement RAID. A mistake could unintentionally corrupt valid data.

26.3 Configure RAID In Single User Mode As you will be modifying the disk structure of your system you should also consider configuring RAID while your system is running in single user mode from the VGA console. This will make sure that most applications and networking will be shutdown and that all other users will not be able to access the system. This will reduce the risk of data corruption during the exercise. [root@skynet tmp]# init 1

26.3.1 Configuring Software RAID Configuring RAID using Fedora Linux requires a number of steps that need to be followed carefully. In our example we'll be configuring RAID 5 using a system with three pre-partitioned hard disks. Make sure you create these partitions on SCSI Disk array. The partitions to be used will be: /dev/sdb1 /dev/sdc1 /dev/sdd1 You'll need to adapt the various stages outlined below to your particular environment. RAID Partitioning You will first need to identify two or more partitions, each on a separate disk. If you are doing RAID 0 or RAID 5, the partitions should be of approximately the same size, as in this scenario, RAID will limit the extent of data access on each partition to an area no larger than that of the smallest partition in the RAID set. Determining Available Partitions Use the "fdisk -l" command to view all the mounted and unmounted filesystems available on your system. Prepare The Partitions With FDISK You have to change each partition in the RAID set to be of type FD (Linux raid autodetect). This can be done using fdisk. Here is an example using /dev/sdb1 [root@skynet tmp]# fdisk /dev/sdb

The number of cylinders for this disk is set to 8355. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) software that runs at boot time (e.g., old versions of LILO) 2) booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) Command (m for help): Use FDISK Help We now use the fdisk "m" command to get some help Command (m for help): m ... ... www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 150 of 167

p print the partition table q quit without saving changes s create a new empty Sun disklabel t change a partition's system id ... ... Command (m for help): Set The ID Type To FD Partition /dev/sdb1 is the 1st partition on disk /dev/hde. We now modify its "type" using the "t" command and then specifying the partition number and type code. We also use the "L" command to get a full listing of ID types in case we forget. Command (m for help): t Partition number (1-5): 1 Hex code (type L to list codes): L ... ... ... 16 Hidden FAT16 61 SpeedStor a9 NetBSD f2 DOS secondary 17 Hidden HPFS/NTF 63 GNU HURD or Sys ab Darwin boot fd Linux raid auto 18 AST SmartSleep 64 Novell Netware b7 BSDI fs fe LANstep 1b Hidden Win95 FA 65 Novell Netware b8 BSDI swap ff BBT Hex code (type L to list codes): fd Changed system type of partition 1 to fd (Linux raid autodetect) Make Sure The Change Occurred Use the "p" command to get the new proposed partition table

Command (m for help): p Disk /dev/hde: 4311 MB, 4311982080 bytes 16 heads, 63 sectors/track, 8355 cylinders Units = cylinders of 1008 * 512 = 516096 bytes Device Boot /dev/sdb1 /dev/sdb2

Start 1 4089

End 4088 5713

Blocks 2060320+ 819000

Id fd 83

System Linux raid autodetect Linux

Save The Changes Use the "w" command to permanently save the changes to disk /dev/hde. Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. WARNING: Re-reading the partition table failed with error 16: Device or resource busy. The kernel still uses the old table. The new table will be used at the next reboot. Syncing disks. [root@skynet tmp]# The error above will occur if any of the other partitions on the disk is mounted. Repeat For The Other Partitions Seps for changing the IDs for /dev/sdc1 and /dev/sdd1 are very similar.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 151 of 167

Edit the RAID Configuration File The Linux RAID configuration file is /etc/raidtab. Templates for this file may be found in the /usr/share/doc/raidtools* directory and explanation of the various parameters can be viewed with the command "man raidtab".

General Guidelines    

When configuring RAID 5 a "parity-algorithm" setting must be used. The "raid-disk" parameters for each partition in the /etc/raidtab file are numbered starting at "0". For example, if you have four partitions for RAIN, they would be numbered 0, 1, 2 & 3. For RAID levels 1, 4 and 5 /etc/raidtab "persistent-superblock" must be set to "1" in order for the RAID autodetect feature (partition type FD) to work. For all RAID versions, "persistent-superblock" must be set to "0"

In our example: We configure RAID 5 on using each of the desired partitions on the 3 disks (sdb1, sdc1 sdd1). The set of 3 RAID disks will be called /dev/md0. # # sample raiddev configuration file # 'old' RAID0 array created with mdtools. # raiddev /dev/md0 raid-level 5 nr-raid-disks 3 persistent-superblock 1 chunk-size 32 parity-algorithm left-symmetric device /dev/sdb1 raid-disk 0 device /dev/sdc1 raid-disk 1 device /dev/sdd1 raid-disk 2

26.3.2 Create the RAID Set The mkraid command creates the RAID set by reading the /etc/raidtab file. In this case we want to create the logical RAID device /dev/md0 [root@skynet tmp]# mkraid /dev/md0 analyzing super-block disk 0: /dev/sdb1, 104391kB, raid superblock at 104320kB disk 1: /dev/sdc1, 104391kB, raid superblock at 104320kB disk 2: /dev/sdd1, 104391kB, raid superblock at 104320kB Confirm RAID Is Correctly Inititalized The /proc/mdstat file provides the current status of all RAID devices. Confirm that the initialization is finished by inspecting the file and making sure that there are no initialization related messages. [root@skynet tmp]# cat /proc/mdstat Personalities : [raid5] read_ahead 1024 sectors md0 : active raid5 sdd1[2] sdb1[1] sdc1[0] 4120448 blocks level 5, 32k chunk, algorithm 3 [3/3] [UUU] unused devices:

Format The New RAID Set www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 152 of 167

Your new RAID device will now have to be formatted. In the example below:  

We use the "-j" qualifier to ensure that a journaling file systems is created. A block size of 4KB (4096 bytes) is used with each chunk being comprised of 8 blocks. It is very important that the "chunk-size" parameter in the /etc/raidtab file match the value of the block size multiplied by the stride value in the command below. Note: If the values don't match, then you will get parity errors. [root@skynet tmp]# mke2fs -j -b 4096 -R stride=8 /dev/md0 mke2fs 1.32 (09-Nov-2002) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) 516096 inodes, 1030160 blocks 51508 blocks (5.00%) reserved for the super user First data block=0 32 block groups 32768 blocks per group, 32768 fragments per group 16128 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736 Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 26 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.

Load The RAID Driver For The New RAID Set The next step is make the Linux operating system fully aware of the RAID set by loading the driver for the new RAID set using the raidstart command. [root@skynet tmp]# raidstart /dev/md0 Create A Mount Point For The RAID Set The next step is to create a mount point for /dev/md0. In this case we'll create one called /mnt/raid [root@skynet mnt]# mkdir /mnt/raid Edit The /etc/fstab File The /etc/fstab file lists all the partitions that need to be mounted when the system boots.

Add an Entry for the RAID set We'll now add an entry for the /dev/md0 device. Here is an example of a line that could be used: /dev/md0

/mnt/raid

ext3

defaults

1 2

Note: It is very important that you DO NOT use labels in the /etc/fstab file for RAID devices, just use the real device name such as "/dev/md0". On startup, the /etc/rc.d/rc.sysinit script checks the /etc/fstab file for device entries that match RAID set names in the /etc/raidtab file. It will not automatically start the RAID set driver for the RAID set if it doesn't find a match. Device mounting then occurs later on in the boot process. Mounting a RAID device that doesn't have a loaded driver can corrupt your data giving the error below. Mount The New RAID Set The mount command can now be used to mount the RAID set. Using the automount feature

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Software RAID

Page 153 of 167

The mount command's "-a" flag will cause Linux to mount all the devices in the /etc/fstab file that have automounting enabled (default) and that are also not already mounted. [root@skynet tmp]# mount -a Manually Mounting the RAID Set You can also mount the device manually. [root@skynet tmp]# mount /dev/md0 /mnt/raid

Check The Status Of The New RAID The /proc/mdstat file provides the current status of all the devices. When the raid driver is stopped, the file has very little information as seen below [root@skynet tmp]# raidstop /dev/md0 [root@skynet tmp]# cat /proc/mdstat Personalities : [raid5] read_ahead 1024 sectors unused devices: More information, including the partitions of the RAID set, is provided once the driver is loaded using the raidstart command. [root@skynet tmp]# raidstart /dev/md0 [root@skynet tmp]# cat /proc/mdstat Personalities : [raid5] read_ahead 1024 sectors md0 : active raid5 sdd1[2] sdb1[1] sdc1[0] 4120448 blocks level 5, 32k chunk, algorithm 3 [3/3] [UUU] unused devices:

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 154 of 167

Glossary of Common Linux Terms (A) Account Name – Same as Login ID, User ID, or User Name. The name assigned to a user on a UNIX/Linux system. Multiple users can be set up on a system with unique account names, each with varying access (permission) levels. After Linux installation, account names are assigned by the Superuser, or root operator. Awk – (Aho, Weinberger, and Kernighan) – A programming language useful for its pattern matching syntax, and often used for data retrieval and data transformation. A GNU version is called Gawk. APM (Advanced Power Management) – An industry standard for allowing the system processor and various components to enter power-saving modes, including suspend, sleep and off. APM software is especially important for mobile devices, because it saves battery power. Archive – A single large file containing multiple files, usually compressed to save storage space. Often created to facilitate transferring between computers. Popular archival formats include ARJ, TAR, ZIP and ZOO. Also, to create such an archive file.

(B) Background Process – A program that is running without user input. A number of background processes can be running on a multitasking operating system, such as UNIX/Linux, while the user is interacting with the foreground process (for example, data entry). Some background processes–daemons, for example–never require user input. Others are merely in the background temporarily while the user is busy with the program presently running in the foreground. Bash – (Bourne Again SHell) – An enhanced version of the Bourne Shell. (Also, see Korn Shell.) BDF Fonts – A variety of bitmapped fonts for the X Window System. (Also, see PostScript Fonts and TrueType Fonts.) Bin – A directory containing executable programs, primarily binary files. Binaries – Source code that has been compiled into executable programs. In the UNIX/Linux world, some software is distributed as source code only; other packages include both source and binaries; still others are distributed only in binary format. Bootstrap – is using a much smaller initial program to load in the desired program (which is usually an operating system). Boot Disk – A diskette (floppy) containing enough of an operating system (such as Linux) to boot up (start) the computer and run some essential programs from the command line. This may be necessary if the system was rendered non-bootable for some reason. A boot disk can be used to partition and format the hard drive, restore the Master Boot Record, or copy specific files, among other things. Bot – Short for Robot. A program designed to search for information on the Internet with little human intervention. Bourne Shell – A popular command line shell offering many advantages over the DOS command prompt. (Also, see Bash and Korn Shell.) BSD – (Berkeley Software Distribution) UNIX – UNIX distribution from University of California at Berkeley (Also, see FreeBSD.) Bzip2 – A newer file compression program for UNIX/Linux, providing smaller file sizes than Gzip

(C) CGI (Common Gateway Interface) – Used on Web servers to transmit data between scripts and/or applications and then return the data to the Web page or browser. CGI scripts are often created using the Perl language, and can generate dynamic Web content (including e-commerce shopping baskets, discussion groups, survey forms, current news, etc.).

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 155 of 167

CHS – (Cylinder/Head/Sector) – Disk information required by FDISK during partitioning. Client – A machine that requests services (e-mail, for example) from a server. CLU – (Command Line Utility) – A program that is run from a command line session, or shell, such as Tar or Mkdir Cluster – A network of workstations (PCs or other) running Linux. (Also, see Beowulf.) Command Line Interface (CLI) – A full-screen or windowed text-mode session where the user executes programs by typing in commands with or without parameters. The CLI displays output text from the operating system or program and provides a command prompt for user input. Compiler – A program used to turn programming source code into an executable program. Console Application – A command line program that does not require (or perhaps even offer) a graphical user interface to run. Cron – A Linux daemon that executes specified tasks at a designated time or interval. CSV – Comma Separated Value file contains the values in a table as a series of ASCII text lines organized so that each column value is separated by a comma from the next column's value and each row starts a new line. CUPS – Common Unix Printing System provides a portable printing layer for UNIX and linux based operating systems

(D) Daemon – A background process of the operating system that usually has root security level permission. A daemon usually lurks in the background until something triggers it into activity, such as a specific time or date, time interval, receipt of e-mail, etc. Desktop – The operating system user interface, which is designed to represent an office esk with objects on it. Rather than physical telephones, lamps, in/out baskets, etc., the perating system desktop uses program and data icons, windows, taskbars, and the like. here are many different desktop environments available for Linux, including KDE, NOME, and X11, that can be installed by a user. (Also, see GUI, Window manager and X Window System.) Device Driver – A program that serves as an intermediary between the operating system nd a device (ports, drives, monitors, printers, etc.) defining to the operating system what apabilities the device has and translating the operating system commands into nstructions the device understands. Distribution – A packaging of the Linux kernel (core) with various user interfaces, utilities, drivers, and other software into a user deliverable. Often available as a free download or in a low-cost CD-ROM package. Popular distributions include Caldera OpenLinux, CoreLinux, Debian, Red Hat, Slackware, SuSE, TurboLinux and others.

(E) Emacs (Editing with MACroS) – A popular text editor. Enlightenment – One of several user interfaces (window managers). For more on fterStep, go to www.afterstep.org. (Also, see AfterStep, GNOME, KDE and X Window system.) Elm – was a popular e-mail program for users of Unix or linux based operating systems that runs in a cmd line mode (like reading email in DOS). Errata – Redhat has lots of this stuff EXT2 – Extended File System Version 2 is probably the most widely used filesystem in the Linux community. It provides standard Unix file semantics and advanced features. Moreover, thanks to the optimizations included in the kernel code, it is robust and offers excellent performance.

EXT3 – Extended File System Version 3 Ext3 support the same features as Ext2, but includes also Journaling. A journaling file system uses a separate area called a log or journal. Before metadata changes are actually performed, they are logged to this separate area. The operation is then performed. If the system crashes during the operation, there is enough information in the log to "replay" the log record and complete the operation. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 156 of 167

(F) File System – A set of programs that tells an operating system how to access and nterpret the contents of a disk or tape drive, or other storage medium. Common file reparing Today for Linux Tomorrow systems include: FAT and FAT-32 (DOS/Windows), HPFS (OS/2), NFS, NTFS (Windows NT/2000), and others. Filter – A program that reads data (from a file, program output or command line entry) as input, processes it according to a set of predefined conditions (for example, sorted lphabetically) and outputs the processed data. Some filters include Awk, Grep, Sed and sort. Finger – A UNIX/Linux command that provides information about users that are logged on. Foreground Process – In a multitasking operating system, such as UNIX/Linux, the foreground process is the program that the user is interacting with at the present time (for example, data entry). Different programs can be in the foreground at different times, as the user jumps between them. In a tiered windowing environment, it is the topmost window. FreeBSD – (Free Berkeley Software Distribution) – Similar to Linux in that it includes many GNU programs and runs many of the same packages as Linux. However, some kernel functions are implemented differently. (Also, see BSD UNIX.) FTP – (File Transfer Protocol) – A method of transferring files to and from other computers–often software repositories.

(G) GCC – (GNU C Compiler) – A high-quality C compiler governed by the GPL. GIMP – (GNU Image Manipulation Program) – A popular image editor/paint program for Linux. GNOME (GNU Network Object Model Environment) – One of several user interfaces (window managers) for Linux, built with Gtk. For more on GNOME, go to www.gnome.org. (Also, see AfterStep, Enlightenment, KDE and X Window System.) GNU – (GNU is Not Unix) Project – An effort of the Massachusetts Institute of Technology (MIT) Free Software Foundation (FSF) to develop and promote alternatives to proprietary UNIX implementations. GNU software is licensed under the GPL. GNU/Linux – Same as Linux. So-called because many of the components included in a Linux distribution are GNU tools. GPL – (GNU General Public License) – A common usage and redistribution www.linuxdoc.org/LDP/gs/app-gpl/node1.html to see a copy of the GPL agreement.

license.

Visit

Grep – (Global Regular Expression and Print) – A tool that searches files for a string of text and outputs any line that contains the pattern Grub – A linux bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software. The kernel then starts the rest of the operating system. Gtk/Gtk+ – (GIMP ToolKit) – A powerful, fast open source graphics library for the X window System on UNIX/Linux, used by programmers to create buttons, menus and other graphical objects. (Also, see GNOME, Motif and Qt.) GUI (Graphical User Interface) – The collection of icons, windows, and other onscreen graphical images that provide the user’s interaction with the operating system. (Also, see Desktop and Window manager.) Gzip – (GNU zip) – The original file compression program for UNIX/Linux. Recent versions produce files with a .gz extension. (A .z or .Z extension indicates an older version of Gzip.) Compression is used to compact files to save storage space and reduce transfer time. (When combined with Tar, the resulting file extensions may be .tgz, .tar.gz or .tar.Z.)

(H)

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 157 of 167

Home Directory – The directory the user is placed in after logging on. HTML – (Hyper Text Markup Language) – The standard markup language for designing Web pages. Markup “tags,” or formatting commands, allow the Web page designer to specify highlighting, position graphics, create hyperlinks, etc. HTTP – (Hyper Text Transport Protocol) – The set of guidelines created for requesting and sending HTML-based Web pages.

(I) Init – The first process to run immediately after the operating system loads. It starts the system in single-user mode or spawns a shell to read the startup files, and opens ports designated as login ports. IRC Internet relay chat. A older system of chatting online using the Internet. These can be more like the wild west days since there is usally little to no direct control or moderation of these.

(J) Java® – An object-oriented programming language developed by Sun Microsystems® to be operating system independent. Java is often used on Web servers. Java applications and applets are sometimes offered as downloads to run on users’ systems. Java programming can produce applications, or smaller Java “applets.” Java is a somewhat simplified version of the C++ language, and is normally interpreted rather than compiled. Java Applets – Small Java programs that are embedded in a Web page and run within a browser, not as a stand-alone application. Applets cannot access some resources on the local computer, such as files and serial devices (modems, printers, etc.), and generally cannot communicate with other computers across a network. JavaBeans – component architecture for the Java language. JavaBeans components are called Beans. JavaScript – A cross-platform World Wide Web scripting language, vaguely related to Java. It can be used as a server-side scripting language, as an embedded language in server-parsed HTML, and as an embedded language for browsers. JDK – (Java Development Kit) – A Java programming toolkit from Sun, IBM or others, available for UNIX/Linux and other operating systems. JFS – (Journaled/Journaling File System) – A file system that includes built-in backup/recovery capabilities. Changes to the index are written to a log file before the changes take effect so that if the index is corrupted (by a power failure during the index write, for example), the index can be rebuilt from the log, including the changes. JVM – (Java Virtual Machine) – A Java runtime environment, required for the running of Java programs, which includes a Java interpreter. A different JVM is required for each unique operating system (Linux, OS/2, Windows 98, etc.), but any JVM can run the same version of a Java program.

(K) KDE – (K Desktop Environment) – One of several user interfaces (window managers) for Linux, built with Qt. For more on KDE, go to www.kde.org. (Also, see AfterStep, Enlightenment, GNOME and X Window System.) Kernel – The core of the operating system, upon which all other components rely. The kernel manages such tasks as low-level hardware interaction and the sharing of resources, including memory allocation, input/output, security, and user access. Korn Shell – An enhanced version of the Bourne Shell, including extensive scripting support and command line editing. It supports many scripts written for the Bourne Shell. (Also, see Bash.)

(L) LGPL (Library GPL) – A variation of the GPL that covers program libraries. LILO – (LInux LOader) – A popular partition boot manager utility, capable of booting to operating systems other than Linux. It is not file system-specific. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 158 of 167

Linux – An open source UNIX-like operating system, originally begun by Linus Torvalds. “Linux” really refers to only the operating system kernel, or core. More than 200 people have contributed to the development of the Linux kernel. The rest of a Linux distribution consists of various utilities, device drivers, applications, a user interface and other tools that generally can be compiled and run on other UNIX operating systems as well. Lindows – is a low-cost commercial Linux-based operating system with a user interface similar to the latest Microsoft Windows operating system. Although Lindows is proprietary and is not open source like Linux, Lindows is less expensive than Windows XP. LISA – (Lisp-based Intelligent Software Agents) is a production-rule system heavily influenced by JESS (Java Expert System Shell). It has at its core a reasoning (artifical intelligence) engine based on the Rete pattern matching algorithm. LISA also provides the ability to reason over ordinary CLOS objects. Log – To store application or system messages or errors. Also, a file that holds this information. Lynx – A popular non-graphical (text-based) Web browser.

(M) Macro – A set of instructions stored in an executable form. Macros may be applicationspecific (such as a spreadsheet or word processing macro that performs specific steps within that program) or general-purpose (for example, a keyboard macro that types in a user ID when Ctrl-U is pressed on the keyboard). Man – The UNIX/Linux command for reading online manual pages. MBR (Master Boot Record) – The first physical sector on a bootable disk drive. The place where the system BIOS looks when the computer is first booted, to determine which partition is currently active (bootable), before reading that partition’s first (boot) sector and booting from the partition. Mesa – An implementation of the OpenGL (Open Graphics Library) API (Application Programming Interface). It provides standard guidelines and a toolset for writing 2D and 3D hardware-assisted graphics software. MIME (Multipurpose Internet Mail Exchange) – A communications protocol that allows text e-mail messages to include non-textual (graphics, video or audio, for example) data. Motif – A powerful proprietary graphics library for UNIX/Linux, developed by the Open Software Foundation (OSF) and used by programmers to create buttons, menus and other graphical objects for the X Window System. Mozilla – was Netscape Communication's nickname for Navigator, its Web browser, and, more recently, the name of an open source public collaboration aimed at making improvements to Navigator. Mount – Identify a disk drive to the file system before use. Multitasking – The ability of an operating system to run more than one program, or task, at a time. A cooperative multitasking OS, like Windows 95/98, requires one application to voluntarily free up resources upon request so another application can use it. A preemptive multitasking OS, such as UNIX/Linux, Windows NT/2000 or OS/2, frees up resources when ordered to by the operating system, on a time-slice basis, or a priority basis, so that one application is unable to hog resources when they are needed by another program. Multithreading – The ability of an operating system to concurrently run programs that have been divided into subcomponents, or threads. Multithreading, when done correctly, offers better utilization of processors and other system resources. Multithreaded programming requires a multitasking/multithreading operating system, such as UNIX/Linux, Windows NT/2000 or OS/2, capable of running many programs concurrently. A word processor can make good use of multithreading, because it can spell check in the foreground while saving to disk and sending output to the system print spooler in the background.

(N) NFS (Network File System) – A file system that allows the sharing of files across a network or the Internet.

(O) Object-Oriented – A software development methodology that offers the programmer standard reusable software modules (components), rather than requiring the developer to write custom programming code each time. Using standard components reduces development time (because the writing and testing of those www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 159 of 167

components has already been done by other programmers), and ensures a standard look and feel for programs using the same components. OO – See Object-Oriented. Open Source – A somewhat ambiguous term that refers to software that is released with its source code. The fact that the source code is provided does not necessarily mean that users can modify and redistribute the source code. The term is sometimes used interchangeably with “free software,” although they are not always the same. OSS (Open Sound System) – A device driver for accessing sound cards and other audio devices under UNIX/Linux. It evolved from the Linux Sound Driver, and supports most popular audio chips and adapters. OSS (Open Source Software) – See Open Source.

(P) PAM (Pluggable Authentication Modules) – A replaceable user authentication module for system security, which allows programs to be written without knowing which authentication scheme will be used. This allows a module to be replaced later with a different module without requiring rewriting the software. Panel – The name for the Linux equivalent of the Windows Taskbar. Partition – A contiguous section of a disk drive that is treated by the operating system as a physical drive. Thus, one disk drive can have several drive letters assigned to it. PCF fonts – A variety of bitmapped fonts to be used with the X Window System. PD – See Public Domain. PDF (Portable Document Format) files – Binary files created with Adobe Acrobat or other programs capable of producing output in this format. Used for producing operating system-independent documents, which can be viewed using Acrobat Reader or other programs, including Web browsers equipped with an Acrobat Reader plugin. Perl (Practical Extraction and Report Language) – A common scripting/programming language. It is often used on UNIX/Linux Web servers for generating CGI scripts. PGP (Pretty Good Privacy) – A high-security, public-key data encryption program for UNIX/Linux and other operating systems. PHP is a script language and interpreter that is freely available and used primarily on Linux Web servers. Piping Symbol – The | keyboard character (the Shift-Backslash character above the Enter key on a typical 101key keyboard). It is often used to feed the output from one command or program to another. For example, history | grep mcopy sends the contents of the .bash_history file (via the history command) to the grep program, searching for the string “mcopy”. (Also, see Append Symbol and Redirection Symbol.) Pine is a program for Internet News & Email - is a tool for reading, sending, and managing electronic messages. PL file extension for a perl script Port/Ported/Porting – The process of taking a program written for one operating system platform and modifying it to run on another OS with similar functionality. There is generally little or no attempt to customize the program to take advantage of the unique capabilities of the new operating system, as opposed to optimizing an application for a specific operating system. Portable – A term referring to software that is designed to be use on more than one operating system with only minor modifications and recompilation. POSIX (Portable Operating System Interface for uniX) – A set of programming interface standards governing how to write application source code so that the applications are portable between operating systems. POSIX is based on UNIX and is the basis for the X/Open specification of The Open Group. PostScript – A page description language developed by Adobe Systems that tells a printer how to display text or graphics on a printed page. PostScript Fonts – A wide variety of fonts that can be used with OS/2, MS Windows and the X Window System. Font files include those with .afm, .pfa and .pfb extensions. Sometimes called Adobe Type 1 fonts, or ATM

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 160 of 167

(Adobe Type Manager) fonts. PostScript fonts typically require a PostScript-compatible printer. (Also, see BDF Fonts and TrueType Fonts.) Process – An executing program. (Also, see Multitasking and Multithreading.) Public Domain – Software that is available to be used and modified by anyone, for any purpose, and may even be incorporated for distribution in commercial software. Public domain software is not copyrighted, and no rights are retained by the author. Public Key Encryption – A method of data encryption that involves two separate keys: a public key and a private key. Data encrypted with the public key can be decrypted only with the private key and vice versa. Typically, the public key is published and can be used to encrypt data sent to the holder of the private key, and the private key is used to sign ata. Python – An object-oriented p-code programming language.

(Q) Qt – A powerful, fast open source graphics library for the X Window System on UNIX/Linux, which is used by programmers to create buttons, menus, and other graphical objects. (Also, see Gtk/Gtk+ and KDE.) Queue – (Sometimes incorrectly spelled Que.) A list of tasks awaiting execution, as in “the print queue.” Qmail – is one of the more popular email servers also called a SMTP server

(R) RAID (Redundant Array of Independent/Inexpensive Disks/Devices) – A method of providing data redundancy, improved performance and/or quick data recoverability from disk crashes, by spreading or duplicating data across multiple disk drives. Commonly used RAID types include RAID 0 (Data Striping), RAID 1 (Disk Mirroring) and RAID 5 (Striping with Distributed Parity). RAID configurations typically require SCSI disk drives (not IDE/EIDE) and may require identical drives (same capacity, brand, etc.). RAID arrays appear to the operating system as a single device. RC File – A script file containing the startup instructions for a program (an application or even the operating system). The file, to be executed automatically when the operating system is started, contains a list of instructions (commands or other scripts) to run. RCS (Revision Control System) – A suite of programs that controls shared access to files in a group environment and tracks text file changes. Generally used for maintaining programming source code modules. Rdev – A utility for obtaining information about a Linux system. It is used to query and set the image root device, the video mode, the swap device and a RAM disk.

Redirection Symbol – The > keyboard character. It is often used to send the output from a command to a text file. For example, ls -a > output.txt sends the current directory list to a file called output.txt. Repeating the command will replace the content of the file with new data. (Also, see Append Symbol and Piping Symbol.) RFS (Remote File Sharing) – A program that lets the user access files on another computer as if they were on the user’s system. Root Operator – The user ID with authority to perform all system-level tasks. (Also called Superuser) Root Window – The underlying session in which the Linux desktop runs. RPM (RPM Package Manager) – A packaging and installation tool for Internet downloads, included with some Linux distributions. It produces files with a .RPM extension. Similar to Dpkg.

(S) Script – A set of commands stored in a file. Used for automated, repetitive, execution. Session – A complete interaction period between the user and the operating system, from login to logoff.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 161 of 167

Shareware – A form of commercial software, where it is offered as “try before you buy”. If the customer continues to use the product after a short trial period, they are required to pay a specified, usually nominal, fee. (Also, see Open Source and Public Domain.) Shell – A text-mode window containing a command line interface to the operating system. Shell Prompt – The user input area of a shell. Whereas in a DOS shell the command prompt is designated by a Greater Than (>) symbol, in Linux it is usually a Percent (%) symbol, Dollar sign ($) or other special character, depending on the shell used. Shell Script – A script designed to be run automatically when a shell is started. SHTTP (Secure Hyper Text Transport Protocol) – A secure, encrypted version of HTTP used for financial transactions and other private information sent via the Internet. Slash (/) – The symbol used in file pathnames, instead of the backslash (\) used in the DOS/Windows and OS/2 operating systems. Source Code – Programming commands in their raw state as input by a programmer. Some programming languages allow the commands to be executed on the fly by a program interpreter. Other languages require the commands to be compiled into executable programs (binaries) before they can be used. In the UNIX/Linux world, some software is distributed as source code only; other packages include both source and binaries; still others are distributed in binary format only. SPAM – Unsolicited email. Currently it is estimated that world wide over 50% of all email is SPAM Spool (Simultaneous Peripheral Operation On-Line) – To send data to a program that queues up the information for later use (for example, the print spooler). SQL (Structured Query Language) – The language used for manipulating records and fields (rows and columns) in a relational database. Sometimes erroneously pronounced “sequel”. Steganography – The practice of hiding one piece of information within another. One example is putting an invisible digital watermark in a digitized photograph. String – A sequence of characters, as in a “search string.” Superuser – Usually synonymous with root operator. Swap – To temporarily move data (programs and/or data files) from random access memory to disk storage (swap out), or back (swap in), to allow more programs and data to be processed than there is physical memory to hold it. Also called Virtual Memory. Swap Space – Where swapped data is temporarily stored on disk. Linux uses a dedicated disk partition for swap space, rather than a specific swap file. Symbolic link – An alias or shortcut to a program or file. Sync – To force all pending input/output to the disk drive. Syslog – The UNIX/Linux System Logger, where all system messages or errors are stored.

(T) Tag – A command in a markup language, such as HTML, to display information in a certain way, such as bold, centered or using a certain font. Tar (Tape ARchive) – A file packaging tool included with UNIX/Linux for the purpose of assembling a collection of files into one combined file for easier archiving. It was originally designed for tape backup, but today can be used with other storage media. When run by itself, it produces files with a .tar extension. When combined with Gzip, for data compression, the resulting file extensions may be .tgz, .tar.gz or .tar.Z. Tarball – A file created by the Tar utility, containing one or more other archived and, optionally, compressed files. TeX – A popular macro-based text formatter. The basis for other such formatters, including LaTeX and teTeX. TFTP (Trivial File Transfer Protocol) – A simplified version of FTP without authentication or many other basic features of FTP. www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 162 of 167

Thread – A small piece of programming that acts as an independent subset of a larger program, also called a “process”. A multithreaded program can run much faster than a monolithic, or single-threaded, program because several, or even many, different tasks can be performed concurrently, rather than serially (sequentially). Also, threads within a single application can share resources and pass data back and forth between themselves. Time-sharing – A method of allowing multiple users to share a processor by allocating each user a portion of the processor resources on a timed basis and rotating each user’s processes within those time segments. (Also, see Multitasking.) Torvalds, Linus – The original creator of the Linux kernel in 1991, holder of the Linux copyright, and currently still the coordinator of the Linux development project. Touch – A command that changes the date/time stamp of a file without affecting the contents. TrueType Fonts – A wide variety of fonts designed to be printer-independent, unlike PostScript fonts available for the Apple Macintosh and Windows. Not commonly used with UNIX/Linux. (Also, see BDF Fonts and PostScript Fonts.) Tux – The name of the fictional Linux penguin mascot.

(U) UNIX – UNIX began as a proprietary operating system developed by Bell Laboratories in the 1960s. It eventually spawned a number of mutually incompatible commercial versions from such companies as Apple (Mac OS X), Digital (Digital UNIX), Hewlett-Packard (HPUX), IBM (AIX®), NeXT (NeXTSTEP) and others. UUCP – A set of programs and protocols that have become the basis for a worldwide network of UNIX computers named after the UNIX to UNIX Copy Program.

(V) Virtual Desktop – A method for expanding the user’s workspace beyond the boundaries of the computer screen. The desktop may be scrollable left and right, up and down, as if a larger desktop were positioned behind the glass screen and moved around to reveal icons, windows and other objects that were “off-stage,” or out of view. Alternatively, as with the KDE desktop, multiple buttons may be available, each of which displays an area of desktop equal to the size of the glass screen and which can each contain different objects. Virtual Machine – Virtual Machines (VMs) are features of central processor chips that isolate an area of memory from the rest of the system. Because operating systems and applications run in a “protected mode” environment, if a program freezes in one Virtual Machine it will not affect the operation of the programs and operating systems running outside of that Virtual Machine. Virtual Memory – The process of using a portion of disk space as a temporary storage area for memory synonymous with Swap. VRML (Virtual Reality Modeling Language) – A primarily Web-based language used for 3D effects (such as building walk-throughs).

(W) Widget – A graphical user interface programming object (button, scrollbar, radio button, etc.) for the X Window System. (Also, see X Window System.) Window Manager – The graphical user interface (GUI) that runs on top of X Window to provide the user with windows, icons, taskbars and other desktop objects. Wine – is a Windows compatibility layer. Wine does not require Microsoft Windows, as it is a completely alternative implementation consisting of 100% Microsoft-free code, but it can optionally use native system DLLs if they are available. This is what you would use if you wanted to run a windows program on a linux machine WineX – is the equivilant of wine except it main strength is the ability to play games designed for Windows Working Directory – Another name for the current directory, or the directory in which the user is currently working.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Glossary

Page 163 of 167

Workspace – Another name for the Root Window, or Desktop. Wrapper – A program used to start another program.

(X) X Window System – A graphical windowing environment for UNIX. The underlying programming required by many user interfaces (Also, see Desktop, Window Manager and XFree86.) X11 – Version 11 of the X Window System. XDM (X Display Manager) – User-friendly login front end for the X Window System. Often used in a cyber café or campus environment where users who are not familiar with UNIX need occasional access. XFree86 – A version of the X Window System for Linux. Used by GNOME, KDE and other Linux user interfaces/window managers. XHTML (extensible Hyper Text Markup Language) – An enhanced version of HTML that supports programmerdefined extensions like XML. Ximian - was a company that provided open source desktop applications for Linux and UNIX based on the GNOME platform. XML (eXtensible Markup Language) – A powerful new markup language for designing Web pages; an alternative to the older HTML, allowing programmers to define their own markup tags, or formatting commands.

(Y) Y (why) – Y not? I needed something to go here…. YaST – Yest another Setup Tool same funciton and purpose as linuxconf. See linuxconf for more information.

(Z) Zip – A popular form of file compression/archiving available on many operating system Platforms, including DOS/Windows, OS/2 and UNIX/Linux. Popular tools include PKZip/PKUnzip and Zip/Unzip. Not to be confused with the Iomega Zip disk, this is a removable storage device. (Confusingly, a zipped file can be stored on a Zip disk—or not. They are unrelated.) Zipped files will have a .zip extension. Zone – An area of a network under administrative or other control. In a name server configuration, a domain can be a zone. Zones can be further subdivided into subzones, each having its own administrators and servers. Zoo – A format for compression and archiving available for UNIX/Linux. Files packaged this way sport a .zoo file extension.

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Index

Page i

INDEX 1. Linux Introduction ...............................................................................................................................1 1.1. Open Source and Free Software ............................................................................................................. 1 1.1.1. History ............................................................................................................................................. 1 1.2. GPL and Open Source Licenses ............................................................................................................. 2 1.3. About Linux ............................................................................................................................................ 2 1.4. Current Support for Networking Services ................................................................................................. 3 1.5. Flexibility of Open Source Software ......................................................................................................... 3 2. The Linux Distribution Comparison....................................................................................................4 2.1 Red Hat Linux.......................................................................................................................................... 4 2.1.1 Fedora Linux..................................................................................................................................... 4 2.1.2 RedHat Enterprise Linux.................................................................................................................... 4 Server Solutions: ................................................................................................................................... 5 Client Solutions:..................................................................................................................................... 5 2.1.3 Red Hat Enterprise Linux system configuration limits.......................................................................... 6 2.2. Mandrake Linux ...................................................................................................................................... 7 2.3 SuSE Linux.............................................................................................................................................. 7 2.4 Debian GNU/Linux................................................................................................................................... 7 2.5 Slackware Linux ...................................................................................................................................... 8 2.6 Caldera OpenLinux.................................................................................................................................. 8 2.7. Top 6 Distributions.................................................................................................................................. 8 2.7.1 Evaluation Criteria and Description .................................................................................................... 9 2.7.2 Organizational Structure.................................................................................................................... 9 2.7.3 Ease of Installation Process............................................................................................................. 10 2.7.4 Commitment to Open Source........................................................................................................... 10 2.7.5 Per Seat Licensing .......................................................................................................................... 10 2.7.6 Target Market ................................................................................................................................. 11 2.7.7 Software Upgrades / Support........................................................................................................... 11 2.7.8 License Fee .................................................................................................................................... 11 3. Linux Installation............................................................................................................................... 12 3.1 Hardware Requirements ........................................................................................................................ 12 3.2 Planning the Installation ......................................................................................................................... 12 3.3 How Much Space Is Required? .............................................................................................................. 13 3.4 Partitioning Naming Conventions............................................................................................................ 14 3.5 Install Options........................................................................................................................................ 14 4. Boot Loaders ..................................................................................................................................... 16 4.1 Boot Loaders and System Architecture................................................................................................... 16 4.1.1 Features of GRUB........................................................................................................................... 16 4.1.2 File Names and Blocklists................................................................................................................ 18 4.1.3 GRUB's Root File System................................................................................................................ 18 4.1.4 GRUB Commands .......................................................................................................................... 19 4.1.5 GRUB Menu Configuration File........................................................................................................ 20 4.1.6 Configuration File Structure ............................................................................................................. 21 4.2 LILO...................................................................................................................................................... 21 4.2.1 LILO and the x86 Boot Process ....................................................................................................... 21 4.2.2 LILO versus GRUB ......................................................................................................................... 22 5. Linux Boot Process ........................................................................................................................... 24 5.1 Init, and Shutdown ................................................................................................................................. 24 5.1.1 Linux Run levels.............................................................................................................................. 24 5.2 System startup script /etc/rc.d/rc.sysinit .................................................................................................. 25 5.2.1 Controlling the boot time services using “chkconfig”.......................................................................... 27 Chkconfig Examples ............................................................................................................................ 27 5.2.2 The “service” command................................................................................................................... 27 6. Linux File System .............................................................................................................................. 29 6.1 Ex2 and Ext3 FIlesystem........................................................................................................................ 29 6.2 Preparing Partitions on Disks ................................................................................................................. 30 6.2.1 Device Naming Convention ............................................................................................................. 30 6.2.3 Adding a New Partition .................................................................................................................... 31 6.2.2 Verify the New Partition ................................................................................................................... 32 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Index

Page ii

6.3 Managing Swap Space .......................................................................................................................... 32 6.3.1 Creating Swap Space...................................................................................................................... 32 7. Overview of Linux File System Hierarchy Standard (FHS) ............................................................... 34 7.1 FHS Organization .................................................................................................................................. 34 The /dev/ Directory............................................................................................................................... 34 The /etc/ Directory................................................................................................................................ 34 The /lib/ Directory................................................................................................................................. 34 The /mnt/ Directory .............................................................................................................................. 34 The /opt/ Directory ............................................................................................................................... 34 The /proc/ Directory ............................................................................................................................. 35 The /sbin/ Directory.............................................................................................................................. 35 The /usr/ Directory ............................................................................................................................... 35 The /usr/local/ Directory ....................................................................................................................... 36 The /var/ Directory ............................................................................................................................... 36 7.1.2. /usr/local/ in Red Hat Linux............................................................................................................. 37 7.2. Special File Locations ........................................................................................................................... 37 7.3 Files in the /etc/sysconfig/ Directory........................................................................................................ 37 8. Linux Desktop Enviornments............................................................................................................ 39 8.1 GNOME ................................................................................................................................................ 39 8.2 KDE ...................................................................................................................................................... 41 9. Linux Accout Management................................................................................................................ 44 9.1 Managing User Accounts ....................................................................................................................... 44 9.1.2 Passwds............................................................................................................................................. 44 9.1.3 Files Controlling User Accounts and Groups .................................................................................... 44 /etc/passwd ......................................................................................................................................... 45 /etc/shadow ......................................................................................................................................... 45 /etc/group ............................................................................................................................................ 46 /etc/gshadow ....................................................................................................................................... 46 9.2 User Management Commands............................................................................................................... 47 Adding Users........................................................................................................................................... 48 Changing Passwords ............................................................................................................................... 48 Delete Users ........................................................................................................................................... 49 Setup User Aging................................................................................................................................. 49 9.3 Setting Up Quotas ................................................................................................................................. 49 9.3.1 Understanding Disk Quotas ............................................................................................................. 49 9.3.2 Settingup and configuring the Quotas .............................................................................................. 50 9.3.3 Initialize The Quota Table................................................................................................................ 51 9.4 Other Quota Topics................................................................................................................................ 52 9.4.1 Editing Group Quotas...................................................................................................................... 52 9.5 Using Sudo............................................................................................................................................ 52 9.5.1 What is SUDO?............................................................................................................................... 52 9.5.2 Example Using sudo ....................................................................................................................... 53 The visudo command............................................................................................................................... 53 Simple /etc/sudoers Examples ................................................................................................................. 53 10. Red Hat Package Manager (RPMs).................................................................................................. 55 10.1 Introduction.......................................................................................................................................... 55 10.2 What Is a Package? ............................................................................................................................. 55 10.2.1 What Is RPM?............................................................................................................................... 55 10.3.1 Listing Installed RPMs ................................................................................................................... 55 10.3.2 Listing Files Associated With RPMs ............................................................................................... 56 10.3.4 Listing Files For Already Installed RPMs ........................................................................................ 56 10.2 Managing RPMs .................................................................................................................................. 56 11. Linux Networking............................................................................................................................. 58 11.1 Configuring Your NIC's IP Address ....................................................................................................... 58 11.1.1 Determining Your IP Address......................................................................................................... 58 11.1.2 Changing Your IP Address ............................................................................................................ 58 11.1.3 network-scripts File Formats : ........................................................................................................ 59 11.2 Multiple IP Addresses On A Single NIC................................................................................................. 59 11.2.1 Viewing Your Current Routing Table .............................................................................................. 60 11.3 Convert Your Linux Server Into A Router .............................................................................................. 60 11.3.1 Configuring IP Forwarding ............................................................................................................. 60 11.4 Setting Up A Telnet Server................................................................................................................... 61 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Index

Page iii

11.5 Setting up rsh and rlogin ...................................................................................................................... 62 11.6 Configuring an FTP server ................................................................................................................... 62 12. NFS .................................................................................................................................................. 65 12.1 NFS Operational Overview................................................................................................................... 65 12.2 Important NFS Daemons...................................................................................................................... 65 12.3 Configuring NFS on The Server............................................................................................................ 65 12.3.1 The /etc/exports File...................................................................................................................... 65 12.4 Configuring NFS on The Client ............................................................................................................. 66 12.4.1 Starting NFS on the Client ............................................................................................................. 66 12.4.2 Making NFS Mounting Permanent ................................................................................................. 67 12.4.3 Activating Modifications To The /etc/exports File ............................................................................ 67 12.4.4 Deleting, Moving Or Modifying A Share.......................................................................................... 67 13. Centralized Logins Using NIS.......................................................................................................... 69 13.1 Introduction to NIS ............................................................................................................................... 69 13.2 Configuring The NFS Server for NIS..................................................................................................... 69 13.2.1 Configuring The NFS Client for NIS................................................................................................ 69 13.3 Configuring The NIS Server.................................................................................................................. 70 13.3.1 Required NIS Server Daemons...................................................................................................... 71 13.3.2 Initialize Your NIS Domain ............................................................................................................. 71 13.4 Managing NIS server ........................................................................................................................... 72 13.5 Configuring The NIS Client................................................................................................................... 73 14. DNS.................................................................................................................................................. 75 14.1 Introduction to DNS.............................................................................................................................. 75 14.2 Basic DNS Testing of DNS Resolution.................................................................................................. 75 14.4 Configuring DNS.................................................................................................................................. 76 14.3 The /etc/resolv.conf File ....................................................................................................................... 76 15.DHCP/Bootp...................................................................................................................................... 81 15.1 DHCP Operational Overview ................................................................................................................ 81 15.2 the /etc/dhcpd.conf File ........................................................................................................................ 81 15.2.1 Start the DHCP services................................................................................................................ 82 15.3 Configuring Linux Clients To Use DHCP............................................................................................... 83 16. Apache Web Server ......................................................................................................................... 84 16.1 Introduction - What is Apache............................................................................................................... 84 16.2. Configuring Apache............................................................................................................................. 84 16.2.1 Configure the /etc/httpd/conf/httpd.conf file..................................................................................... 85 16.3.1 Where To Put Your Web Pages ..................................................................................................... 89 16.3.2 Named Virtual Hosting................................................................................................................... 90 17. Sharing Resources Using SAMBA .................................................................................................. 92 17.1 Introduction.......................................................................................................................................... 92 17.2. Configuring SAMBA ............................................................................................................................ 92 17.3 Configuring SWAT (Samba Web Administration Tool) ........................................................................... 92 17.3.1 Basic SWAT Setup........................................................................................................................ 93 18. KICKSTART (Network Based Linux Inst over the NFS)................................................................... 94 18.1 Introduction.......................................................................................................................................... 94 18.2 Setting up the Installation Server .......................................................................................................... 95 18.2.1 Create the Installation Directories .................................................................................................. 95 18.2.3 Setup Your NFS Server ................................................................................................................. 95 18.2.4 Setup DNS and DHCP servers. ..................................................................................................... 96 18.2.5 Create Kickstart Configuration Files ............................................................................................... 96 18.3 Kickstart Configurator........................................................................................................................... 96 19. SQUID Proxy server....................................................................................................................... 101 19.1 Introduction to SQUID ........................................................................................................................ 101 19.2 Configuring SQUID ............................................................................................................................ 101 19.2.1 The /etc/squid/squid.conf File ...................................................................................................... 101 19.2.2 Access Control Lists.................................................................................................................... 102 19.2.3 Restricting Web Access by Time.................................................................................................. 102 19.2.4 Configure the Web Browsers to Use Your Squid Server................................................................ 103 20. IPTABLES (Netfilter) ...................................................................................................................... 104 20.1 What is iptables? ............................................................................................................................... 104 20.1.1 Overview..................................................................................................................................... 104 Capabilities........................................................................................................................................ 104 Packet STATES:................................................................................................................................ 105 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Index

Page iv

IPTABLES Examples ......................................................................................................................... 105 Saving iptable Scripts......................................................................................................................... 106 21. Linux Resource Monitoring........................................................................................................... 107 21.1 Resource Monitoring Commands........................................................................................................ 107 free ....................................................................................................................................................... 107 top ........................................................................................................................................................ 107 The GNOME System Monitor — A Graphical top .................................................................................... 108 vmstat ................................................................................................................................................... 109 pstree.................................................................................................................................................... 109 21.2 The proc File System....................................................................................................................... 110 21.2.1 Top-level Files in the proc File System ..................................................................................... 111 22. Backups......................................................................................................................................... 114 22.1 Introduction........................................................................................................................................ 114 22.2 Different Data: Different Backup Needs .............................................................................................. 114 22.3 Types of Backups .............................................................................................................................. 114 22.3.1 Full Backups ............................................................................................................................... 115 22.3.2 Incremental Backups................................................................................................................... 115 22.3.3 Differential Backups .................................................................................................................... 115 22.4. Backup Media................................................................................................................................... 115 Tape ..................................................................................................................................................... 116 Disk....................................................................................................................................................... 116 Network................................................................................................................................................. 116 22.5 Red Hat Linux-Specific Information (applies to all versions)................................................................. 116 22.5.1 Software Support ........................................................................................................................ 116 22.5.2 Backup Utilities ........................................................................................................................... 117 tar ..................................................................................................................................................... 117 cpio ................................................................................................................................................... 117 AMANDA........................................................................................................................................... 117 dump/restore ..................................................................................................................................... 118 22.6 Working with “dump/restore”............................................................................................................... 118 22.6.1 Making backups with dump.......................................................................................................... 119 22.6.2 Restoring files with “restore” command ........................................................................................ 120 22.7 Managing the tape “mt” Command...................................................................................................... 121 23. Printers .......................................................................................................................................... 126 23.1. Types of Printers............................................................................................................................... 126 23.1.1. Printing Considerations............................................................................................................... 126 Function ............................................................................................................................................ 126 Cost .................................................................................................................................................. 127 23.6. Printer Languages and Technologies................................................................................................. 127 23.7. Networked Versus Local Printers....................................................................................................... 127 23.8 Printer Configuration .......................................................................................................................... 128 Printing a Test Page .......................................................................................................................... 132 Modifying Existing Printers ................................................................................................................. 133 Queue Name ..................................................................................................................................... 133 Queue Type....................................................................................................................................... 133 Printer Driver ..................................................................................................................................... 133 Driver Options.................................................................................................................................... 133 Saving the Configuration File.............................................................................................................. 134 Printer Configuration .......................................................................................................................... 134 Command Line Configuration ............................................................................................................. 135 Managing Print Jobs .......................................................................................................................... 136 Sharing a Printer................................................................................................................................ 138 Sharing a Printer with LPRng ............................................................................................................. 139 24.Upgrading the RedHat Linux Kernel............................................................................................... 141 24.1 Upgrading Kernel Step By Step .......................................................................................................... 141 25. Configuring Dumb Terminal .......................................................................................................... 145 26. Software RAID ............................................................................................................................... 146 26.1 RAID Types ....................................................................................................................................... 146 26.1.1 RAID 0........................................................................................................................................ 146 26.1.2 RAID 1........................................................................................................................................ 146 26.1.3 RAID 5........................................................................................................................................ 147 26.2 SCSI and IDE .................................................................................................................................... 148 www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

Linux Administration – Index

Page v

26.2.1 IDE Drives .................................................................................................................................. 148 26.2.2 SCSI Drives ................................................................................................................................ 148 26.3 Configure RAID In Single User Mode.................................................................................................. 149 26.3.1 Configuring Software RAID.......................................................................................................... 149 Edit the RAID Configuration File ......................................................................................................... 151 General Guidelines ............................................................................................................................ 151 26.3.2 Create the RAID Set.................................................................................................................... 151 Format The New RAID Set................................................................................................................. 151 Check The Status Of The New RAID .................................................................................................. 153 Glossary of Common Linux Terms ..................................................................................................... 154

www.wilshiresoft.com [email protected]

Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173

Rev Dt: 15-Oct-08 Ver: 1

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF